id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
14057	Expose an interface for custom-escaping template content	Stephen Kelly	nobody	"Django by default escapes HTML entities in Context content injected into a Template. For non-HTML content it is possible to implement a filter to implement custom escaping.

Example:

http://groups.google.com/group/django-developers/browse_thread/thread/2d3f095ed31ffc6c

However, in that case, escaping must be explicit. There is no auto-escaping, because auto-escaping assumes HTML content.

It is possible to create a separate object to perform escaping, which can be overridden for custom escaping. The specific escaping needs to be accessible from _render_value_in_context, currently a free function associated with the Node class, and from filters, some of which need to escape or conditionalEscape their input (linenumbers and linebreaks and linebreaksbr filters).

The solution I used in a C++ implementation was an OutputStream class with a virtual method for escaping:

http://gitorious.org/grantlee/grantlee/blobs/master/corelib/outputstream.h

It allows creation of a stream which does no escaping of content, or one that does JavaScript or LaTeX (auto)escaping.

The disadvantage is that the stream must be passed through all methods in the API, sometimes cloned. In Python/Django though it may make more sense to register a function in the SETTINGS which should be used for escaping, so that custom autoescaping can be possible.
"	New feature	closed	Template system		Normal	wontfix		net147@…	Design decision needed	1	1	1	0	0	0
