#17906: 'firstof' and 'cycle' should autoescape
---------------------------------+------------------------------------
Reporter: anonymous | Owner: nobody
Type: Uncategorized | Status: new
Component: Template system | Version: 1.3
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------
Changes (by PaulM):

* stage: Unreviewed => Accepted

Comment:

The current documented behavior is unfortunate, but firmly entrenched
enough that backwards compatibility makes it very hard to just outright
change the behavior.

I too would like to see this change happen. I'm marking this ticket as
accepted, with the caveat that any solution needs to meet the standard
requirements - it's not enough to say "we must change the behavior and
break everyone's code". I'd prefer to see a solution that didn't involve
adding settings, but that may not be possible.

One backwards compatible idea to improve the situation would be to add a
warning when these widgets render strings that are not explicitly marked
safe. I'd also like to see an easier way for these widgets to optionally
escape their output - the recommended format is very clumsy. Perhaps a
first step to changing the behavior would be to add a way for template
authors to explicitly state which behavior they want. This, combined with
a warning when the behavior is not explicit, would pave the way for a
deprecation of the existing behavior.
--
Ticket URL: <https://code.djangoproject.com/ticket/17906#comment:3>
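
The migration path proposed in the comment above, modelled in plain Python as an added example; it is not Django's code and not part of the ticket. `SafeText`, `UnescapedOutputWarning`, `render_with_warnings` and the `autoescape` parameter are hypothetical names, and `firstof` here is a stand-in function rather than the real template tag.

```python
import html
import warnings


class SafeText(str):
    """Stand-in for a string explicitly marked as safe HTML (hypothetical name)."""


class UnescapedOutputWarning(UserWarning):
    """Hypothetical category for output that was left unescaped implicitly."""


def firstof(values, autoescape=None):
    """Return the first truthy value as text.

    autoescape=None  -> legacy behaviour: raw output, plus a warning when the
                        value was not marked safe and no choice was stated
    autoescape=True  -> escape anything that is not SafeText
    autoescape=False -> raw output the template author explicitly asked for
    """
    chosen = next((v for v in values if v), "")
    if isinstance(chosen, SafeText):
        return str(chosen)
    text = str(chosen)
    if autoescape is True:
        return html.escape(text)
    if autoescape is None and text:
        warnings.warn(
            "firstof rendered a string not marked safe; state autoescape explicitly",
            UnescapedOutputWarning,
            stacklevel=2,
        )
    return text


def render_with_warnings(values, autoescape=None):
    """Render and return (output, names of warning categories raised)."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        output = firstof(values, autoescape)
    return output, [w.category.__name__ for w in caught]


# Constructed sample input: an empty first variable and an untrusted second one.
SAMPLE = ["", "<script>alert(1)</script>"]

if __name__ == "__main__":
    for mode in (None, True, False):
        print(mode, render_with_warnings(SAMPLE, mode))
```

Existing templates keep rendering exactly as before under `autoescape=None`; the warning only surfaces the call sites that would change if escaping later became the default.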