Documentation slightly unclear about "safe" strings in filters
|Reported by:||<removed at reporter's request>||Owned by:||Joshua Russo|
|Severity:||Keywords:||safe, auto-escape, escapejs|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
My objective here is to prevent somebody else from falling into the same trap as I.
This is with regard to auto-escaping, the safe filter, and escapejs. I had auto-escaping on and tried the following:
So the logic is correct. I would like to see a change to the docs here are some ideas:
- Update the documentation for Safe to be something like the following:
"Marks a string as not requiring further HTML escaping prior to output. When this filter is not the last filter applied, subsequent filters might make string /not/ safe for HTML output and the string will be escaped if auto-escaping is on. When autoescaping is off, this filter has no effect."
That's obviously too wordy but I think it brings across the point.
- Update auto-escaping docs to mention that safe will turn off auto-escaping unless a filter that follows safe makes the string unsafe for HTML output.
- Or maybe just a more technical explaination of how safe, escape, and auto-escape work under the covers.
Change History (13)
comment:2 Changed 9 years ago by
|Reporter:||changed from djensen47@… to <removed at reporter's request>|
|Triage Stage:||Unreviewed → Accepted|
comment:3 Changed 7 years ago by
|Owner:||changed from nobody to Joshua Russo|
|Status:||new → assigned|