On 02/12/2014 02:25 PM, Curtis Maloney wrote: > On 12 February 2014 21:29, Gwildor Sok <[email protected] > One downside I can think of is that Jinja does not escape variables > by default, which might become a XSS security issue. > > That's quite a large downside!
Jinja2 supports autoescape-by-default, it's a configuration parameter when creating a template environment. Obviously Django would set it to True. So this is not an issue. Carl -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/52FBED5B.3020904%40oddbird.net. For more options, visit https://groups.google.com/groups/opt_out.
