thanks

On Sat, Dec 25, 2010 at 12:09 PM, Thadeus Burgess <[email protected]> wrote:

> Escape will convert the text to html entities. For example,
>
> >>> x = "A 'quote' is <b>bold</b>"
> >>> print response.write(x, escape=True)
> A 'quote' is &lt;b&gt;bold&lt;/b&gt;
>
> This protects your page from HTML injection hacks. If you need to display
> HTML from a variable and you are absolutely sure that it is safe, use
>
> {{=XML(x)}}
>
> Which also provides some helper methods to allow you to select "safe" tags
> without allowing everything.
>
> --
> Thadeus
>
>
>
>
>
> On Fri, Dec 24, 2010 at 11:39 PM, Sahil Arora <[email protected]> wrote:
>
>> I am asking what escape=true does
>>
>>
>> On Sat, Dec 25, 2010 at 11:02 AM, mdipierro <[email protected]> wrote:
>>
>>> {{=x}}
>>>
>>> is equivalent to
>>>
>>> {{response.write(x,escape=True)}}
>>>
>>> Did I answer the question?
>>>
>>>
>>> On Dec 24, 10:04 pm, Sahil Arora <[email protected]> wrote:
>>> > what do you mean by the word 'escape' when we say escape = False
>>> >
>>> > or
>>> > in
>>> > {{=x}}
>>> > Variables injected into the HTML in this way are escaped by default. The
>>> > escaping is ignored if x is an XML object, even if escape is set to True.
>>> >
>>> > --
>>> > Sahil Arora
>>> > B.Tech 2nd year
>>> > Computer Science and Engineering
>>> > IIT Delhi
>>> > Contact No: +91 9871491046
>>>
>>
>>
>>
>> --
>> Sahil Arora
>> B.Tech 2nd year
>> Computer Science and Engineering
>> IIT Delhi
>> Contact No: +91 9871491046
>>
>
>


-- 
Sahil Arora
B.Tech 2nd year
Computer Science and Engineering
IIT Delhi
Contact No: +91 9871491046
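
An added illustration, not part of the thread and not web2py's own code: a stand-alone Python 3 model of the three behaviours discussed above (escape by default, a trusted wrapper that bypasses escaping, and an allowlist of "safe" tags). The names `TrustedMarkup`, `render` and `sanitize` are hypothetical, and the sample input is constructed.

```python
import html
from html.parser import HTMLParser

# Constructed sample: one harmless tag with an event handler, plus a script element.
SAMPLE = '<b onclick="x()">bold</b><script>alert(1)</script>'


class TrustedMarkup(str):
    """Hypothetical stand-in for an XML object: emitted without escaping."""


def render(value):
    """Model of {{=value}}: escape everything unless it is TrustedMarkup."""
    if isinstance(value, TrustedMarkup):
        return str(value)
    return html.escape(str(value), quote=True)


class _AllowlistFilter(HTMLParser):
    """Keeps allowlisted tags without attributes, drops other tags, escapes text."""

    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed = set(allowed)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in self.allowed:
            self.out.append("<%s>" % tag)  # attributes such as onclick are discarded

    def handle_endtag(self, tag):
        if tag in self.allowed:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(html.escape(data))  # text is always re-escaped


def sanitize(text, allowed=("b", "i", "em", "strong")):
    """Return markup reduced to the allowlisted tags, marked as trusted."""
    f = _AllowlistFilter(allowed)
    f.feed(text)
    f.close()
    return TrustedMarkup("".join(f.out))


if __name__ == "__main__":
    print(render(SAMPLE))                 # escaped: shown as literal text
    print(render(TrustedMarkup(SAMPLE)))  # unescaped: only safe for vetted input
    print(render(sanitize(SAMPLE)))       # allowlisted tags survive, the rest is inert
```

Wrapping untrusted input directly in the trusted type is the failure mode to look for in review; routing it through the allowlist first is what keeps the bypass safe.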
