On 7/6/07, Neil Blakey-Milner <[EMAIL PROTECTED]> wrote:
> Personally, I think that using text-based templates just opens up too
> many problems around cross-site scripting and broken HTML because
> people forget to escape their data properly every single time. I
> think an explicit "this data should be displayed as HTML" is better
> than an explicit "this data is already HTML encoded".

That has been one of Genshi/Kid's other strengths, but Mako has it too now. You can set a template to escape every data value except those you override.

http://www.makotemplates.org/docs/filtering.html

So if you make the 'h' filter the default, it HTML-escapes everything. The 'n' filter bypasses any default filter to output the original raw value; I don't know why it's not mentioned on that page.

--
Mike Orr <[EMAIL PROTECTED]>
