Opened 20 months ago
Closed 20 months ago
#35296 closed Uncategorized (invalid)
The autoescape parameter to Engine() seems to have no effect on Context.
| Reported by: | Roman Donchenko | Owned by: | nobody |
|---|---|---|---|
| Component: | Template system | Version: | 5.0 |
| Severity: | Normal | Keywords: | |
| Cc: | bcail | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The reference documentation for django.template.Engine says the following:
autoescapecontrols whether HTML autoescaping is enabled. It defaults toTrue.
Based on this, I would expect the following to print <>:
import django.template django.template.Engine(autoescape=False) t = e.from_string('{{x}}') print(t.render(django.template.Context({'x': '<>'})))
But it doesn't, it prints <>. So it seems that the autoescape parameter does nothing.
Either the code should be updated to make the parameter work, or the docs should explain what it actually does.
Change History (3)
comment:1 by , 20 months ago
comment:2 by , 20 months ago
| Cc: | added |
|---|
comment:3 by , 20 months ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
| Summary: | The autoescape parameter to Engine() seems to have no effect → The autoescape parameter to Engine() seems to have no effect on Context. |
Context has it's own autoescape parameter that engine shouldn't override. You can pass Context with autoespace=False or use render_to_string() with a template name.
Note:
See TracTickets
for help on using tickets.
I see the same result. It looks like the
Contextobject has anautoescapeparameter (which defaults to True) - so that may sort of be overriding the engine value. But, I'm not sure the engine value is always checked where it should be.