On Sat, 2009-08-01 at 12:17 +1000, Malcolm Tredinnick wrote:
> Hi Andrew,
>
> On Fri, 2009-07-31 at 15:44 -0700, ab wrote:
> > When a template tag takes a variable as input and renders its value
> > (like the `cycle` or `firstof` tags), that value should respect the
> > context's autoescape setting. Right now, the values are never escaped.
> > I'm proposing to make this change, and provide a unified way for
> > people to implement their own template tags with similar behavior.
> > What do people think?
>
> The proposal's a little lacking on detail. :)
>
> I doubt you'll find anybody particularly strongly against enabling more
> consistent auto-escaping behaviour, however there are two areas I'd
> focus on in thinking about how this works:
>
> (1) Making it easy to write template tags that work in both
> environments. It took a little bit of hard thinking to make the current
> template filter stuff work in a reasonably transparent fashion. The API
> is important.
>
> (2) Making it fully backwards compatible. This is, I believe, going to
> be the hard part, because it just about means this cannot be on by
> default, as it will change the output of some existing template tags.

Another item that I remembered in this area: when writing the docs or any example code for this sort of thing, template tags that put variables into the context should not auto-escape those variables' contents. Because the context variables will be handled by the normal auto-escaping mechanisms of the template when they are rendered (which may not be the same setting as when the template tag is executed, so autoescaping and marking as a safe string isn't quite as robust).

I don't think that will impact the code design, just the docs. But, just in case, something to keep in mind.

Regards,
Malcolm
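The difference between the two kinds of tag discussed in this thread, as an added example that is not part of the original message and is not Django's code: a standard-library model of safe-string marking. `SafeStr`, `render_var`, `store_raw` and `store_escaped` are hypothetical names, and the payload is a constructed sample.

```python
import html

class SafeStr(str):
    """Marker for text already safe to emit (models a safe string)."""

def conditional_escape(value):
    # Escape unless the value is already marked safe.
    if isinstance(value, SafeStr):
        return value
    return SafeStr(html.escape(str(value)))

def render_var(context, name, autoescape):
    # Models {{ name }}: escaping is decided where the variable is rendered.
    value = context[name]
    return conditional_escape(value) if autoescape else str(value)

def render_value_tag(value, autoescape):
    # A tag that outputs a value directly (like cycle/firstof) follows the
    # autoescape setting in force at the point where it renders.
    return conditional_escape(value) if autoescape else str(value)

def store_raw(context, name, value):
    # Store the value untouched; the template escapes it when rendering.
    context[name] = value

def store_escaped(context, name, value, autoescape_at_tag):
    # Fragile variant: escape per the setting at tag execution time and
    # mark the result safe, so later rendering trusts it as-is.
    if autoescape_at_tag:
        context[name] = conditional_escape(value)
    else:
        context[name] = SafeStr(value)

def demo(payload="<b>x</b>"):  # constructed sample value
    # Maps (setting at tag time, setting at render time) to
    # (output when stored raw, output when stored escaped-and-safe).
    results = {}
    for tag_setting in (True, False):
        for render_setting in (True, False):
            raw_ctx, esc_ctx = {}, {}
            store_raw(raw_ctx, "v", payload)
            store_escaped(esc_ctx, "v", payload, tag_setting)
            results[(tag_setting, render_setting)] = (
                render_var(raw_ctx, "v", render_setting),
                render_var(esc_ctx, "v", render_setting),
            )
    return results
```

When the two settings differ, only the raw-stored value follows the setting at the point of rendering; the pre-escaped value is either emitted unescaped inside an autoescaping block or escaped inside a non-escaping one.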