On 16 Apr, 19:22, Paweł Roman <[email protected]> wrote:
>
> Did anyone use a Django template language in that fashion in a web
> application that itself is written in Django? Does it make sense? Is
> it safe?
>
I did, but it's been used by a trusted set of users, so there were not that many safety measures built in.

Regarding tag processing, it might be harder than I think, but I don't see a problem with cutting such unwanted tags, e.g. with regex or maybe even by cloning the source code for templates and removing a set of tags (OR maybe it's possible to disable some of the tags, I've never checked this).

As for missing variables not failing silently - there is the TEMPLATE_STRING_IF_INVALID setting that you might use. And for filters - I'm not 100% sure at the moment, but I believe that a failing (raising) filter produces TemplateSyntaxError.

--
Tomasz Zielinski
http://pyconsultant.eu
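
An allowlist check in the spirit of the tag-cutting idea discussed above, as an added example that is not part of the original messages: instead of stripping unwanted tags with a regex, it rejects a user-supplied template that contains any `{% %}` tag outside an approved set. The allowlist contents, the function names and the sample template are assumptions made for illustration.

```python
import re

# Block tags are written "{% name args %}" on a single line in Django's
# template syntax; the first word inside the delimiters is the tag name.
BLOCK_TAG_RE = re.compile(r"{%(.*?)%}")

# Assumed allowlist: logic-only tags that cannot pull in other templates
# or tag libraries. Adjust for your application.
ALLOWED_TAGS = frozenset({
    "if", "elif", "else", "endif",
    "for", "empty", "endfor",
    "with", "endwith",
    "comment", "endcomment",
})


def find_disallowed_tags(source, allowed=ALLOWED_TAGS):
    """Return (line_number, tag_name) for every block tag not in `allowed`.

    Tags inside {% comment %} or {# #} are still checked; this is stricter
    than the real parser, which is the safe direction for untrusted input.
    """
    problems = []
    for match in BLOCK_TAG_RE.finditer(source):
        words = match.group(1).split()
        name = words[0] if words else ""  # "{% %}" carries no tag name
        if name not in allowed:
            line = source.count("\n", 0, match.start()) + 1
            problems.append((line, name))
    return problems


def validate_user_template(source):
    """Raise ValueError rather than silently stripping unwanted tags."""
    problems = find_disallowed_tags(source)
    if problems:
        detail = ", ".join(f"line {n}: {{% {t} %}}" for n, t in problems)
        raise ValueError(f"disallowed template tags: {detail}")
    return source


# Constructed sample input, not taken from the thread.
SAMPLE = """Hello {{ user.name }}
{% if orders %}{% for o in orders %}{{ o.id }}{% endfor %}{% endif %}
{% load custom_tags %}
{% include "other.html" %}
"""

if __name__ == "__main__":
    print(find_disallowed_tags(SAMPLE))
```

Rejecting the whole template avoids the case where removing one tag leaves behind text that forms a new tag.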

