#15365: Stronger warning for markup template filters
-------------------------------------------------+--------------------------
               Reporter:  db.pub.mail@…          |         Owner:  nobody
                 Status:  new                    |     Milestone:        
              Component:  Documentation          |       Version:  1.2   
             Resolution:                         |      Keywords:        
           Triage Stage:  Accepted               |     Has patch:  0     
    Needs documentation:  0                      |   Needs tests:  0     
Patch needs improvement:  0                      |  
-------------------------------------------------+--------------------------
Changes (by gabrielhurley):

  * milestone:  1.3 =>


Comment:

 I'd accept an admonition on `ref/contrib/markup` as an acceptable
 resolution to this ticket. We should point out that the output will be
 marked safe and unescaped.

 There's no way for the markup filters to fulfill their intended purpose
 without producing unescaped results. These filters are sufficiently
 non-obvious that a note is worthwhile, but at some point there is no
 reasonable protection against not understanding the impact of template
 filters on secure application design.

 Filtering on `http://` protocols or paths under the site root can be
 exploited just as easily; there's no protection there.

 IMHO, developers *must* be aware of trusting user input, and as long as we
 make obvious the fact that these filters will produce unescaped results
 we've done as much as we can do without crippling functionality.
 Especially with reST, darn near anything could be valid markup within a
 chunk of text. There's no rational filtering that can be applied to make
 it safe.

 Let's be clear in our limitations here and leave it to developers to use
 power responsibly.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/15365#comment:3>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
