Ticket #7544 (closed: fixed)

Opened 5 months ago

Last modified 5 months ago

Documentation mistake when using an escaping example

Reported by: lukejackson
Assigned to: garcia_marc
Milestone: 1.0
Component: Documentation
Version: SVN
Keywords: template escape safe
Cc:
Triage Stage: Ready for checkin
Has patch: 1
Needs documentation: 0
Needs tests: 0
Patch needs improvement: 0

Description

On: http://www.djangoproject.com/documentation/templates/, it gives an example of a string that you definitely need to escape:

{{ data|default:"3 > 2" }} <-- Bad! Don't do this.

However, the > symbol doesn't need to be escaped outside of the inner contents of a tag. Perhaps a better example would be the < character.

The documentation is great, btw, very easy to read and accessible.

Attachments

index.html (375 bytes) - added by garcia_marc on 06/30/08 16:51:57.
Testing file for html validation
7544.diff (485 bytes) - added by garcia_marc on 06/30/08 16:55:02.
Patch with a better example on documentation.

Change History

06/26/08 10:10:33 changed by lukejackson

  • needs_better_patch changed.
  • needs_tests changed.
  • needs_docs changed.

06/30/08 16:51:57 changed by garcia_marc

  • attachment index.html added.

Testing file for html validation

06/30/08 16:54:24 changed by garcia_marc

  • owner changed from nobody to garcia_marc.
  • stage changed from Unreviewed to Accepted.
  • milestone set to 1.0.

I couldn't find any documentation about it, but I tried the attached file on http://validator.w3.org/ and the ticket report is correct: the validator only complains about the less-than character, not the greater-than.

06/30/08 16:55:02 changed by garcia_marc

  • attachment 7544.diff added.

Patch with a better example on documentation.

06/30/08 16:57:42 changed by garcia_marc

  • has_patch set to 1.
  • summary changed from Small suggestion for template example change to Documentation mistake when using an escaping example.
  • stage changed from Accepted to Ready for checkin.

Documentation modified for using an example that actually isn't correct.

Definitely, Django is a web framework for perfectionists... ;)

06/30/08 21:15:57 changed by mtredinnick

There's actually nothing wrong with this example. It's a fragment of a template and what's to say it isn't wrapped in a tag in the rest of the template? It would also be bad practice to leave the "<" unescaped, since if you later did end up wrapping it inside something that needed it to be escaped, you would introduce problems.

06/30/08 21:17:24 changed by mtredinnick

  • status changed from new to closed.
  • resolution set to fixed.

(In [7811]) Changed a documentation example that wasn't wrong to stop complaints.

Fixed #7544.

