James - thank you for your reply! On 10/17/06, James Bennett <[EMAIL PROTECTED]> wrote: > Templates have the following access: > > * Any variables defined in the context passed from the view will be available. > * If the view used RequestContext instead of the base Context class, > any variables defined by enabled context processors will be made > available. > * Any installed library of template tags will be available for loading and > use.
So what I'll want to do is /not/ enable RequestContext as one of the biggest items. Another will be to keep my template tags safe. I /do/ have an include tag that takes a paginator or a model, I might have to get rid of that or hide it from the user. The way I instantiate user's templates is retrieving the template data and instantiating it with django.template.Template and using django.template.context.Context to supply context, then rendering it and inserting it in a bare-bones template to make the final page. Is there any security concerns with this method? Thanks again, Sam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
