On 21/06/11 20:07, Mike Samuel wrote:
> I'd like to add contextual autoescaping to django templates.
>
> Briefly, it would automatically pick filters for each {{variable}} by
> looking at the context in which it appears. So inside a <script>
> body, it might convert a value to a valid bundle of JSON; but inside
> the query part of a URL, it would %-encode.
>
> You can play with a runnable example at
> http://js-quasis-libraries-and-repl.googlecode.com/svn/trunk/index.html
> . Just choose one of the "Safe HTML" examples from the dropdown at
> the top right and hit enter. There is a detailed writeup based on
> experience from another template language at
> http://js-quasis-libraries-and-repl.googlecode.com/svn/trunk/safetemplate.html
> .
>
> Would anyone be interested in such a thing for Django? If so, how
> should I proceed? Is there a mechanism in the templates API that
> would allow an optional pass to analyze a bundle of templates and add
> filters?

I had a brief look, and concluded that the approach outlined is
probably impossible for Django templates. The main reason for this is
that the grammar of Django templates is extensible via template tags.
This would probably make it impossible to do the static analysis
required. There might be other problems too.

If you wanted to proceed anyway, the way to do it would be to write a
custom template loader and have it do the pre-pass. This could be
written as a third party library.

Regards,

Luke

--
"Our software is idiot proof. If you bought it, that's proof you're an
idiot" (Dogbert)

Luke Plant || http://lukeplant.me.uk/
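
An added sketch, not part of the thread and not Django or Mike Samuel's code, of the kind of pre-pass a custom template loader could run over template source before compiling it. `add_contextual_filters` and the `to_json` filter are hypothetical names; `escape` and `urlencode` are Django built-in filters. The pass models only HTML text, quoted attribute values, URL query strings and `<script>` bodies, and refuses anything else, including every `{% %}` tag.

```python
import re

VAR = re.compile(r"\{\{\s*([\w.]+)\s*\}\}")           # bare {{ variable }}
ATTR_OPEN = re.compile(r"""([\w-]+)\s*=\s*(["'])""")  # name="  or  name='
URL_ATTRS = {"href", "src", "action"}
# Context -> filter. escape and urlencode are Django built-ins; to_json is a
# hypothetical custom filter standing in for "a valid bundle of JSON".
FILTERS = {"html": "escape", "attr": "escape", "query": "urlencode", "script": "to_json"}

def add_contextual_filters(source):
    """Rewrite each bare {{ var }} to {{ var|filter }} based on HTML context."""
    out, ctx, quote, in_script_tag, i = [], "html", None, False, 0
    while i < len(source):
        m = VAR.match(source, i)
        if m:
            if ctx not in FILTERS:  # e.g. start of a URL, unquoted attribute
                raise ValueError("no filter modelled for context %r" % ctx)
            out.append("{{ %s|%s }}" % (m.group(1), FILTERS[ctx]))
            i = m.end()
            continue
        if source.startswith(("{{", "{%"), i):  # tags, pre-filtered variables
            raise ValueError("cannot analyse construct at offset %d" % i)
        ch = source[i]
        if ctx == "html" and ch == "<":
            in_script_tag = source[i:i + 7].lower() == "<script"
            ctx = "tag"
        elif ctx == "tag":
            m = ATTR_OPEN.match(source, i)
            if m:  # entering a quoted attribute value
                quote = m.group(2)
                ctx = "url" if m.group(1).lower() in URL_ATTRS else "attr"
                out.append(m.group(0))
                i = m.end()
                continue
            if ch == ">":
                ctx = "script" if in_script_tag else "html"
        elif ctx in ("attr", "url", "query"):
            if ch == quote:
                ctx = "tag"
            elif ctx == "url" and ch == "?":
                ctx = "query"
        elif ctx == "script" and source[i:i + 9].lower() == "</script>":
            ctx, in_script_tag = "tag", False  # the tag branch consumes the rest
        out.append(ch)
        i += 1
    return "".join(out)

# Constructed sample template, not taken from the thread.
SAMPLE = '<a href="/search?q={{ term }}">{{ label }}</a><script>var u = {{ user }};</script>'
```

Raising on an unmodelled context, rather than falling back to `escape`, keeps the pass from silently applying HTML escaping where it would not be sufficient, such as a variable that supplies the start of a URL.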