On Jan 13, 2009, at 8:41 AM, mk wrote:
Which obviously corresponds to config/environment.py.Is there really a reason to use 'escape' filter by default in Pylons? Itconfuses the hell out of newbies like me.
Unfortunately, its even worse to have cross-site domain exploits, and such, which is why it auto-escapes by default. Wrapping your helper output in a literal() will prevent escaping, just make absolutely sure that your helper isn't including data from the browser (which can be unsafe if not properly checked).
from webhelpers.html.builder import literal
something = literal("Text that shouldn't <b>be escaped</b>")
Cheers,
Ben
smime.p7s
Description: S/MIME cryptographic signature
