This seems odd, because autoescaping has been on since almost the beginning.
https://web.archive.org/web/20080826081214/http://docs.djangoproject.com:80/en/dev/topics/templates/#id2
What actually changed with 1.9?

> On Feb 13, 2018, at 7:53 AM, Bill Torcaso <torcasob...@gmail.com> wrote:
> 
> 
> Hello all,
> 
> I have the task of migrating a very old website from Django 1.7 to either 
> Django 1.11 or 2.0, depending on the effort.
> 
> My plan is to go from 1.7 --> 1.8 --> 1.9 -->1.10 --> 1.11, adapting the 
> codebase as I go.  It's been easy enough until I arrive at 1.9, and the 
> change in template-rendering in which "autoescape" defaults to "on".
> 
> Now a lot of my payload is arriving at the browser with my HTML tags escaped. 
>  For example,
> 
>     <button>       gets rendered as        &lt;button&gt;
> 
> I have no argument with the autoescape-on default setting.  But I am unsure 
> how to proceed, and how large the effort will be.  As background, I am a 
> seasoned back-end programmer and a lightweight in HTML and template issues.
> 
> I see these alternatives.  Are there any others?
> 
> Get to the Template Engine object and set its autoescape attribute to "off".  
> This loses the protection that autoescape-on provides, restores the Django 
> 1.8 behavior, and lets me proceed with the smallest amount of effort.
> 
> Is this the template engine I need?  "django.core.context_processors.request" 
>  And how do I get to the object?
> 
> Visit all of my HTML files and put "{% autoescape off %}" everywhere.
> 
> I put "{% autoescape off %}" in my base.html, and it partially solved the 
> problem.  But it did not get everything.
> 
> This is a medium amount of effort, and if I make a mistake the users will 
> have a bad experience.
> 
> Visit all of my code and all of my templates, carefully converting into the 
> world of autoescape-on.
> 
> Thanks in advance,
> 
>   ---  Bill Torcaso

Peter of the Norse
rahmc...@radio1190.org


