#4555: New html-util/filter: unescape
-------------------------------------+-------------------------------------
     Reporter:  Johan Bergström      |                    Owner:  nobody
  <bugs@…>                           |
         Type:  Uncategorized        |                   Status:  closed
    Component:  Template system      |                  Version:  dev
     Severity:  Normal               |               Resolution:  wontfix
     Keywords:  unescape util        |             Triage Stage:  Design
  filter                             |  decision needed
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Collin Anderson):

 I just want to note that I would use an `html_unescape` template filter in
 pretty much every case where I use the `striptags` filter.

 For example, I have a product.html_description field and I may want to
 auto-generate a meta description like so:

 {{{
 <meta name="description" content="{{
 product.html_description|striptags|html_unescape|truncatechars:400 }}">
 }}}

 `striptags` removes tags, but I also want to replace `&mdash;` -> `—` and
 `&#x27;` -> `'` before running it through `truncatechars`. I especially
 don't want to truncate in the middle of an `&mdash;` or other html entity.
 The template engine will take care of auto-escaping the resulting text to
 html. (And it's fine if the html is longer than 400 chars as long as the
 text is <= 400 chars.)

 I think some people use the insecure `striptags|safe` as a workaround to
 "fix" html entities showing up in output, whereas a
 `striptags|html_unescape` would solve the same problem and actually be
 much more secure.

 Or maybe it would help to have an `html_to_text` filter that is basically
 just `striptags|unescape_html`. I assume most people who use `striptags`
 also want html entities unescaped too. Again, it might help cut down on
 insecure `striptags|safe` usage.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/4555#comment:12>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
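
The two pipelines discussed in the comment above, side by side, as an added example that is not part of the ticket or of Django's code. It uses only the Python standard library; `strip_tags` and `truncate_chars` are simplified stand-ins (assumptions) for Django's `striptags` and `truncatechars`, and `html.escape` stands in for template auto-escaping.

```python
import html
import re

# Assumption: a naive regex stand-in for striptags, not Django's implementation.
_TAG = re.compile(r"<[^>]*>")


def strip_tags(value):
    return _TAG.sub("", value)


def truncate_chars(text, limit):
    # Simplified truncatechars: the ellipsis counts towards the limit.
    return text if len(text) <= limit else text[: limit - 1] + "\u2026"


def meta_description_unsafe(html_description, limit):
    # Mirrors striptags|truncatechars|safe: entities are counted and cut as
    # raw characters, and the result reaches the attribute unescaped.
    return truncate_chars(strip_tags(html_description), limit)


def meta_description(html_description, limit):
    # Mirrors striptags|html_unescape|truncatechars, then auto-escaping:
    # truncate plain text, escape once at output time.
    text = html.unescape(strip_tags(html_description))
    return html.escape(truncate_chars(text, limit), quote=True)


def render(content):
    return '<meta name="description" content="%s">' % content


# Constructed sample value for a product.html_description field.
SAMPLE = '<p>Desk lamp &mdash; 12" arm, it&#x27;s <b>dimmable</b></p>'

if __name__ == "__main__":
    for limit in (14, 400):
        print(limit, render(meta_description_unsafe(SAMPLE, limit)))
        print(limit, render(meta_description(SAMPLE, limit)))
```

With the `safe` variant the literal `"` in the sample ends the `content` attribute early and a short limit cuts `&mdash;` in half; the unescape-then-escape variant keeps the text within the limit and the attribute intact.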
