Escape will convert the text to html entities. For example,
>>> x = "A 'quote' is <b>bold</b>"
>>> print response.write(x, escape=True)
A &#x27;quote&#x27; is &lt;b&gt;bold&lt;/b&gt;
This protects your page from html injection hacks. If you need to display
html from a variable and you are absolutely sure that it is safe, use
{{=XML(x)}}
which also provides some helper methods to allow you to select "safe" tags
without allowing everything.
--
Thadeus
On Fri, Dec 24, 2010 at 11:39 PM, Sahil Arora <[email protected]> wrote:
> I am asking what escape=true does
>
>
> On Sat, Dec 25, 2010 at 11:02 AM, mdipierro <[email protected]> wrote:
>
>> {{=x}}
>>
>> is equivalent to
>>
>> {{response.write(x,escape=True)}}
>>
>> Did I answer the question?
>>
>>
>> On Dec 24, 10:04 pm, Sahil Arora <[email protected]> wrote:
>> > What do you mean by the word 'escape' when we say escape = False
>> >
>> > or
>> > in
>> > {{=x}}
>> > Variables injected into the HTML in this way are escaped by default. The
>> > escaping is ignored if x is an XML object, even if escape is set to True.
>> >
>> > --
>> > Sahil Arora
>> > B.Tech 2nd year
>> > Computer Science and Engineering
>> > IIT Delhi
>> > Contact No: +91 9871491046
>>
>
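
Added example, not part of the original thread and not web2py code: a stand-alone Python 3 model of the three output modes discussed above (escaped by default, raw via XML, and "safe" tags only). The function names, the SAFE_TAGS allowlist and the sample string are assumptions made for illustration.

```python
# Stand-alone model of the output modes discussed in this thread.
# Hypothetical names: render_escaped ~ {{=x}}, render_raw ~ {{=XML(x)}},
# render_allowlisted ~ XML with only "safe" tags permitted.
from html import escape
from html.parser import HTMLParser

SAFE_TAGS = {"b", "i", "em", "strong", "p"}  # assumed allowlist


def render_escaped(x):
    """Every markup character becomes an entity, so nothing is parsed as HTML."""
    return escape(str(x), quote=True)


def render_raw(x):
    """Emitted unchanged; only acceptable for markup the application produced."""
    return str(x)


class _AllowlistFilter(HTMLParser):
    """Keeps allowlisted tags without attributes and escapes everything else."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in SAFE_TAGS:
            self.out.append("<%s>" % tag)  # attributes dropped (onclick=, style=)
        else:
            self.out.append(escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        closing = "</%s>" % tag
        self.out.append(closing if tag in SAFE_TAGS else escape(closing))

    def handle_data(self, data):
        self.out.append(escape(data))


def render_allowlisted(x):
    parser = _AllowlistFilter()
    parser.feed(str(x))
    parser.close()  # flush any text still buffered by the parser
    return "".join(parser.out)


# Constructed sample input: one harmless tag followed by a script tag.
SAMPLE = "A 'quote' is <b>bold</b><script>alert(1)</script>"
```
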