Changes between Initial Version and Version 1 of Ticket #17419, comment 5
Timestamp: Jan 12, 2012, 4:55:41 PM (13 years ago)
Ticket #17419, comment 5
initial:

I don't believe marking the output as safe by default is the right thing to do.

Not everyone adds CDATA markers to its <script> tags. Actually, most frontend devs I've worked with don't.

I'd prefer `{{ data|json|safe }}` within CDATA sections and `{{ data|json }}` everywhere else, because security should be on by default.

v1:

It isn't obvious to me that marking the output as safe by default is the right thing to do. Not everyone adds CDATA markers to its <script> tags. Actually, most frontend devs I've worked with don't.

Wouldn't the current implementation break HTML parsing when the filter is used naively?

If so, I'd prefer `{{ data|json|safe }}` within CDATA sections and `{{ data|json }}` everywhere else -- security should be on by default.
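The parsing concern raised in this comment, as an added example that is not part of the ticket or of Django's code: it compares JSON emitted unescaped into a `<script>` block with the same JSON after `<`, `>` and `&` are written as `\uXXXX` escapes. The function names, the sample value and the choice of escaping are assumptions made for illustration.

```python
import json
from html.parser import HTMLParser

# Constructed sample value that happens to contain a closing script tag.
DATA = {"bio": "</script><b>injected markup</b>"}

def json_raw(value):
    """Hypothetical stand-in for a json filter whose output is marked safe."""
    return json.dumps(value)

def json_script_safe(value):
    """Same JSON with HTML-significant characters as \\uXXXX escapes (assumed mitigation)."""
    return (json.dumps(value)
            .replace("<", "\\u003C")
            .replace(">", "\\u003E")
            .replace("&", "\\u0026"))

class ScriptBody(HTMLParser):
    """Records the text inside <script> and every start tag seen outside it."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.script_text = ""
        self.tags_outside = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        else:
            self.tags_outside.append(tag)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.script_text += data

def parse(rendered_json):
    """Embed the rendered JSON in a script element and parse the page as HTML."""
    parser = ScriptBody()
    parser.feed("<script>var data = " + rendered_json + ";</script>")
    parser.close()
    return parser

if __name__ == "__main__":
    for render in (json_raw, json_script_safe):
        result = parse(render(DATA))
        print(render.__name__, repr(result.script_text), result.tags_outside)
```

With the unescaped output the script element ends inside the JSON string and the `<b>` tag is parsed as page markup; with the escaped output the script body is intact and still decodes to the original value.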