In addition, Django implements the (non-standard) __html__ protocol: https://code.djangoproject.com/ticket/7261.
I believe escaping will work correctly without many, if any, changes.

--
Aymeric.

On 12 Feb 2014, at 22:40, Marc Tamlyn <[email protected]> wrote:

> Point of order: Jinja2 does now have autoescaping
> (http://jinja.pocoo.org/docs/extensions/#autoescape-extension)
>
> Do not take this as any opinion on the matter
>
>
> On 12 February 2014 21:34, Donald Stufft <[email protected]> wrote:
> Crate had one, I'd have to pull it out but it was a pretty simple template.
> The sticking point was it had a 30k item loop which was significantly faster
> in Jinja2.
>
> On Feb 12, 2014, at 4:25 PM, Curtis Maloney <[email protected]>
> wrote:
>
>> At this point someone should start asking for real-world examples with
>> measurements.
>>
>> I'm personally of the "let's see if we can improve DTL first, then revisit
>> the question" stance.
>>
>> But in order to show any improvements, we must have timings for the current
>> tool.
>>
>> Can people who've suffered slowness please donate fragments of template
>> they've found particularly slow?
>>
>>
>>
>> On 12 February 2014 21:29, Gwildor Sok <[email protected]> wrote:
>> There are a few problems with Christian's assumptions:
>>
>> * Not everyone uses a JS Framework. Personally, we use a lot of static
>> pages, and when we do want to do some fancy stuff, we use pjax to replace
>> content on the page, but in the backend this is still done by rendering a
>> full template through a Django view.
>>
>> We run a hybrid site, and fairly high traffic [7k req/min is a fairly
>> typical] and I've yet to find a major template performance issue that didn't
>> turn out to be a DB hit hiding in an object, or similar.
>>
>> That's not to say I don't think it can be faster...
>>
>> * The templating language is also used for small stuff, and the switch to
>> Jinja would enable using the templating language for even more stuff. The
>> biggest issue that comes to mind are template-based widgets.
>>
>> Actually, django-sniplates and django-formulation both allow using another
>> template as a "bag of macros". I'm also working on a "just macros" rework
>> of the idea. formulation even has a "reuse" tag so you can define template
>> macros [using blocks] within your template.
>>
>> Personally, I'm in favor of switching to Jinja. The speed bonus and the
>> ability to call functions with arguments are great features for me.
>>
>> I guess it's time I finally write my "What should I pass in the Context"
>> blog post... to point out that your designers are [usually] not coders, and
>> shouldn't have to understand your data structures or schema. Whilst in some
>> ways perhaps excessively, DTL does make you consider your data structures.
>>
>> One downside I can think of is that Jinja does not escape variables by
>> default, which might become an XSS security issue.
>>
>> That's quite a large downside!
>>
>> --
>> Curtis
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at http://groups.google.com/group/django-developers.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-developers/CAG_XiSBmOU%3D4orZnW13bw-ZLT_O416unynhtnQ9%3DhgPtL9Bbtw%40mail.gmail.com.
>> For more options, visit https://groups.google.com/groups/opt_out.
>
>
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
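
The `__html__` convention mentioned at the top of this message and the autoescaping concern raised in the quoted replies, shown together as an added example (not code from the thread, Django or Jinja2). `SafeText`, `to_html`, `render` and the sample values are hypothetical names and constructed inputs; the renderer is a toy written for this illustration.

```python
import re
from html import escape


class SafeText(str):
    """A str subclass marking content as already HTML-safe (hypothetical name)."""

    def __html__(self):
        return self


def to_html(value):
    """Trust objects that expose __html__; escape everything else."""
    if hasattr(value, "__html__"):
        return value.__html__()
    return SafeText(escape(str(value), quote=True))


_VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template, context, autoescape=True):
    """Substitute {{ name }} placeholders. Toy renderer for illustration only."""
    def substitute(match):
        value = context[match.group(1)]
        # With autoescape off, untrusted markup reaches the page unchanged.
        return to_html(value) if autoescape else str(value)
    return _VAR.sub(substitute, template)


# Constructed sample input: an untrusted comment and a trusted fragment.
COMMENT = "<script>alert(1)</script>"
BADGE = SafeText('<b class="badge">staff</b>')
TEMPLATE = "<p>{{ badge }} {{ comment }}</p>"

if __name__ == "__main__":
    ctx = {"badge": BADGE, "comment": COMMENT}
    print("autoescape off:", render(TEMPLATE, ctx, autoescape=False))
    print("autoescape on: ", render(TEMPLATE, ctx, autoescape=True))
    # Concatenating safe + unsafe yields a plain str here, so the safe
    # marker is lost and the whole value is escaped (fails closed).
    mixed = {"badge": BADGE + COMMENT, "comment": ""}
    print("mixed value:   ", render(TEMPLATE, mixed))
```

Because both sides only check for `__html__`, a value marked safe by one library is passed through by the other without double escaping, while unmarked strings are escaped only when autoescaping is switched on.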
