I'm presently using a URL parameter to allow requests to specify a particular template they want the results to be returned in, allowing AJAX requests to get results in a particular format for inclusion in different pages without any code duplication.
Is this actually safe? Is the input taken by render_to_response as the template name actually sanitized enough to prevent Bad Things™ from happening? Obviously someone could request a template that's going to generate errors on rendering (since the requester has no direct control over the parameters the template will render with), but trying this out it doesn't look like this will do anything other than generate an error response. Am I missing something important?

Thanks for your help,
Matthew
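An added example, not from the original post, of the usual defensive answer to this question: never pass the raw URL parameter to render_to_response, but map it through an allow-list of the templates the view is meant to serve, and, if a template name really must come from the request, constrain it to a fixed directory and a tight character set. The format keys, template paths and `results/` directory below are constructed for illustration.

```python
import re

# Constructed allow-list: the short format key a request may pass in the URL
# parameter, mapped to the template the view will actually render. Nothing
# outside this dict can ever be selected, whatever the request contains.
RESULT_TEMPLATES = {
    "full": "results/full.html",
    "fragment": "results/fragment.html",
    "json": "results/json.html",
}


def template_for(requested, default="full"):
    """Return the template path for a requested format key.

    A missing parameter uses the default; an unknown key is rejected rather
    than passed through, so the request can never name an arbitrary template.
    In a Django view this would be used as:
        render_to_response(template_for(request.GET.get("template")), context)
    """
    if requested is None:
        requested = default
    if requested not in RESULT_TEMPLATES:
        raise LookupError("unknown result format: %r" % requested)
    return RESULT_TEMPLATES[requested]


# Defence in depth for a view that still accepts a template *name* directly:
# only plain identifiers, always inside one fixed subdirectory and suffix.
_SAFE_NAME = re.compile(r"^[a-z0-9_]+$")


def constrained_template_path(name, subdir="results"):
    """Build '<subdir>/<name>.html' only if <name> is a plain identifier.

    Separators, dots and other characters that could steer the template
    loader outside the intended directory are rejected outright.
    """
    if not isinstance(name, str) or not _SAFE_NAME.match(name):
        raise ValueError("rejected template name: %r" % (name,))
    return "%s/%s.html" % (subdir, name)
```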