On Saturday, September 26, 2015 at 4:41:55 AM UTC+2, Gavin Wahl wrote: > > > which then only needs to go through the autoescape filter I think > > This is actually incorrect. <script> tags in HTML5 are Raw Text elements, > so Django's autoescaping doesn't work because HTML entities are not decoded > inside Raw Text elements [1]. I use the json filter from > django-argonauts[2] in all my projects to do json encoding. >
Good thing I said "I think" :D It apparently has been a long time since I did put JSON into templates (I usually put them into data attributes if at all where normal escaping applies, right?) -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/30fb203a-83a8-444c-8ef5-76a2df1f42c5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
