#17906: 'firstof' and 'cycle' should autoescape
---------------------------------+------------------------------------
     Reporter:  anonymous        |                    Owner:  nobody
         Type:  Uncategorized    |                   Status:  new
    Component:  Template system  |                  Version:  1.3
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  0                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------
Changes (by PaulM):

 * stage:  Unreviewed => Accepted


Comment:

 The current documented behavior is unfortunate, but firmly entrenched
 enough that backwards compatibility makes it very hard to just outright
 change the behavior.

 I too would like to see this change happen. I'm marking this ticket as
 accepted, with the caveat that any solution needs to meet the standard
 requirements - it's not enough to say "we must change the behavior and
 break everyone's code". I'd prefer to see a solution that didn't involve
 adding settings, but that may not be possible.

 One backwards compatible idea to improve the situation would be to add a
 warning when these widgets render strings that are not explicitly marked
 safe. I'd also like to see an easier way for these widgets to optionally
 escape their output - the recommended format is very clumsy. Perhaps a
 first step to changing the behavior would be to add a way for template
 authors to explicitly state which behavior they want. This, combined with
 a warning when the behavior is not explicit, would pave the way for a
 deprecation of the existing behavior.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/17906#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
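
The migration path suggested in the comment above (an explicit escaping choice, plus a warning when none is made), modelled in plain Python as an added example; it is not Django's code or a patch from this ticket. `SafeText`, `firstof()` and its `autoescape` argument are hypothetical stand-ins for Django's safe-string marker and the template tag.

```python
import html
import warnings


class SafeText(str):
    """Hypothetical marker: the string is already HTML-safe."""


def firstof(values, autoescape=None):
    """Return the first truthy value, as a {% firstof %}-style tag would.

    autoescape=True  -> escape the value unless it is SafeText
    autoescape=False -> legacy behaviour chosen explicitly, output as-is
    autoescape=None  -> legacy behaviour, plus a warning for unmarked strings
    """
    for value in values:
        if not value:
            continue
        text = value if isinstance(value, str) else str(value)
        if isinstance(text, SafeText):
            return text  # already trusted, never double-escaped
        if autoescape:
            return SafeText(html.escape(text))
        if autoescape is None:
            # No explicit choice: keep old output, but tell the author.
            warnings.warn(
                "firstof rendered a string that is not marked safe and "
                "no escaping behaviour was stated explicitly",
                PendingDeprecationWarning,
                stacklevel=2,
            )
        return text
    return ""


def demo():
    """Run the three cases on constructed sample input."""
    payload = "<script>alert(1)</script>"  # constructed, untrusted value
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        legacy = firstof(["", payload])                    # warns, unescaped
        explicit = firstof(["", payload], autoescape=True)  # escaped, silent
        trusted = firstof([SafeText("<b>ok</b>")])          # silent, as-is
    return legacy, explicit, trusted, [str(w.message) for w in caught]


if __name__ == "__main__":
    for item in demo():
        print(item)
```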
