#10912: Autoescaping variable input in template tags
-------------------------------------+-------------------------------------
Reporter: andrewbadr | Owner:
Type: Bug | Status: new
Component: Template system | Version: 1.0
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Design decision needed
Has patch: 1 |
Needs tests: 0 | Needs documentation: 0
Easy pickings: 0 | Patch needs improvement: 1
| UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by kenth):
* owner: kenth =>
* status: assigned => new
Comment:
There are two template tags which generate output that is not autoescaped:
firstof & cycle. This behavior might be unexpected, but it appears to be
well documented even back in the version 1.0 documents. There is a policy
statement in the documentation stating output is not escaped "... because
template tags do not escape their content."
The code appears to work as documented & the documentation appears to be
clear. As to if the behavior is as it should be, that's clearly a design
decision...
--
Ticket URL: <https://code.djangoproject.com/ticket/10912#comment:10>
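A template audit for the behavior described in the comment above, added here as an example and not part of the ticket or of Django's own code. It lists variables passed to firstof or cycle without explicit escaping, and assumes explicit escaping means Django's force_escape filter, applied either to the argument or through an enclosing {% filter %} block. The function names and the sample template are constructed for illustration.

```python
import re

# Any block tag: captures the tag name and the rest of its contents.
BLOCK_TAG = re.compile(r"\{%\s*(\w+)\s*(.*?)\s*%\}", re.S)
# One tag argument: a run of non-space characters, keeping quoted strings whole.
ARG = re.compile(r"""(?:"[^"]*"|'[^']*'|[^\s"'])+""")

def filter_names(expr):
    """Filter names applied in 'value|f1|f2:arg' (the value itself is dropped)."""
    return [part.split(":")[0] for part in expr.split("|")[1:]]

def unescaped_tag_variables(source):
    """Return (line, tag, argument) for each unescaped variable in firstof/cycle."""
    findings = []
    filter_stack = []  # one bool per open {% filter %}: does it force_escape?
    for m in BLOCK_TAG.finditer(source):
        tag, rest = m.group(1), m.group(2)
        if tag == "filter":
            filter_stack.append("force_escape" in filter_names("|" + rest))
        elif tag == "endfilter" and filter_stack:
            filter_stack.pop()
        elif tag in ("firstof", "cycle") and not any(filter_stack):
            args = ARG.findall(rest)
            if tag == "cycle":
                if "as" in args:  # drop the 'as name' suffix
                    args = args[:args.index("as")]
                if len(args) == 1:  # {% cycle name %} re-uses a named cycle
                    continue
            line = source.count("\n", 0, m.start()) + 1
            for arg in args:
                literal = arg[0] in "\"'" or arg[0].isdigit()
                if not literal and "force_escape" not in filter_names(arg):
                    findings.append((line, tag, arg))
    return findings

# Constructed sample template, not taken from the ticket.
SAMPLE = """<tr class="{% cycle 'odd' 'even' %}">
<td>{% firstof user.nickname user.name "anonymous" %}</td>
<td>{% cycle row.color "grey" as rowcolor %}</td>
<td>{% filter force_escape %}{% firstof a b %}{% endfilter %}</td>
<td>{% firstof title|force_escape "untitled" %}</td>
<td>{% cycle rowcolor %}</td>
"""

if __name__ == "__main__":
    for line, tag, arg in unescaped_tag_variables(SAMPLE):
        print(f"line {line}: {{% {tag} %}} outputs {arg} without escaping")
```

Literal arguments are skipped because the template author controls them; only variables resolved from the context are reported.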