Changes between Initial Version and Version 1 of Ticket #17419, comment 5


Timestamp:
Jan 12, 2012, 4:55:41 PM (12 years ago)
Author:
Aymeric Augustin

  • Ticket #17419, comment 5

    initial v1  
    1 I don't believe marking the output as safe by default is the right thing to do.
     1It isn't obvious to me that marking the output as safe by default is the right thing to do. Not everyone adds CDATA markers to their <script> tags. Actually, most frontend devs I've worked with don't.
    22
    3 Not everyone adds CDATA markers to their <script> tags. Actually, most frontend devs I've worked with don't.
     3Wouldn't the current implementation break HTML parsing when the filter is used naively?
    44
    5 I'd prefer `{{ data|json|safe }}` within CDATA sections and `{{ data|json }}` everywhere else, because security should be on by default.
     5If so, I'd prefer `{{ data|json|safe }}` within CDATA sections and `{{ data|json }}` everywhere else -- security should be on by default.
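
The parsing concern raised in this comment, as an added example that is not part of the ticket or of Django's code: JSON placed unescaped in a `<script>` block is cut off by the HTML parser at the first `</script>` inside a string value. The helper names and the sample data are hypothetical, and the `\uXXXX` escaping shown is one assumed mitigation, not the filter under discussion.

```python
import json
from html.parser import HTMLParser

# Constructed sample: ordinary data that happens to contain "</script>".
DATA = {"note": "closing tag is </script> & that is all"}

# Assumed mitigation: write <, > and & as JSON \uXXXX escapes (still valid JSON).
_ESCAPES = {ord("<"): "\\u003C", ord(">"): "\\u003E", ord("&"): "\\u0026"}

def json_raw(value):
    """JSON text as it reaches the page when the output is marked safe as-is."""
    return json.dumps(value)

def json_escaped(value):
    """JSON text with the HTML-significant characters escaped."""
    return json.dumps(value).translate(_ESCAPES)

class ScriptBody(HTMLParser):
    """Collects the text an HTML parser attributes to the first <script>."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.done = False
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag == "script" and not self.done:
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script" and self.in_script:
            self.in_script, self.done = False, True

    def handle_data(self, data):
        if self.in_script:
            self.chunks.append(data)

def script_body(payload):
    """Embed payload in a script block and return what the parser sees as script."""
    parser = ScriptBody()
    parser.feed("<script>var data = " + payload + ";</script>")
    parser.close()
    return "".join(parser.chunks)

def survives_html_parsing(payload):
    """True when the whole payload stays inside the script element."""
    return script_body(payload) == "var data = " + payload + ";"
```
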