I'd like to add contextual autoescaping to django templates.
Briefly, it would automatically pick filters for each {{variable}} by
looking at the context in which it appears. So inside a <script>
body, it might convert a value to a valid bundle of JSON; but inside
the query part of a URL, it would %-encode.
You can play with a runnable example at
http://js-quasis-libraries-and-repl.googlecode.com/svn/trunk/index.html
. Just choose one of the "Safe HTML" examples from the dropdown at
the top right and hit enter. There is a detailed writeup based on
experience from another template language at
http://js-quasis-libraries-and-repl.googlecode.com/svn/trunk/safetemplate.html
.
Would anyone be interested in such a thing for Django? If so, how
should I proceed? Is there a mechanism in the templates API that
would allow an optional pass to analyze a bundle of templates and add
filters?
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
