Opened 16 years ago

Closed 16 years ago

Last modified 12 years ago

#7544 closed (fixed)

Documentation mistake when using an escaping example

Reported by: lukejackson
Owned by: Marc Garcia
Component: Documentation
Version: dev
Severity:
Keywords: template escape safe
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

On: http://www.djangoproject.com/documentation/templates/, it gives an example of a string that you definitely need to escape:

{{ data|default:"3 > 2" }} <-- Bad! Don't do this.

However, the > symbol doesn't need to be escaped outside of the inner contents of a tag. Perhaps a better example would be the < character.

The documentation is great, btw, very easy to read and accessible.

Attachments (2)

index.html (375 bytes ) - added by Marc Garcia 16 years ago.
Testing file for html validation
7544.diff (485 bytes ) - added by Marc Garcia 16 years ago.
Patch with a better example on documentation.


Change History (8)

comment:1 by lukejackson, 16 years ago

by Marc Garcia, 16 years ago

Attachment: index.html added

Testing file for html validation

comment:2 by Marc Garcia, 16 years ago

milestone: 1.0
Owner: changed from nobody to Marc Garcia
Triage Stage: Unreviewed → Accepted

I couldn't find any documentation about it, but I tried the attached file on http://validator.w3.org/ and the ticket report is correct, so the validator only complains about the less-than character, not the greater-than.

by Marc Garcia, 16 years ago

Attachment: 7544.diff added

Patch with a better example on documentation.

comment:3 by Marc Garcia, 16 years ago

Has patch: set
Summary: Small suggestion for template example change → Documentation mistake when using an escaping example
Triage Stage: Accepted → Ready for checkin

Documentation modified to use an example that actually isn't correct.

Definitely, Django is a web framework for perfectionists... ;)

comment:4 by Malcolm Tredinnick, 16 years ago

There's actually nothing wrong with this example. It's a fragment of a template and what's to say it isn't wrapped in a tag in the rest of the template? It would also be bad practice to leave the "<" unescaped, since if you later did end up wrapping it inside something that needed it to be escaped, you would introduce problems.
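
The context dependence discussed in this ticket, as an added illustration (not part of the ticket, the attached patch, or Django's code): Python's standard-library html.parser stands in for a browser and shows what survives when a literal is inserted raw versus HTML-escaped. The wrapper templates, the "x<y and y>z" and "3>2" literals, and the Recorder and render_and_parse names are constructed for this example.

```python
# Added illustration; Python's stdlib HTML parser stands in for a browser.
from html import escape
from html.parser import HTMLParser


class Recorder(HTMLParser):
    """Records start tags (with attributes) and the text the parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], ""

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text += data


# Constructed wrappers: places a template author might later put the fragment.
CONTEXTS = {
    "text": "<p>{}</p>",                    # element content
    "attr": "<span title={}>label</span>",  # unquoted attribute, inside a tag
}


def render_and_parse(context, literal, escaped):
    """Insert the literal (raw or HTML-escaped) and return (tags, text)."""
    value = escape(literal) if escaped else literal
    rec = Recorder()
    rec.feed(CONTEXTS[context].format(value))
    rec.close()
    return rec.tags, rec.text


if __name__ == "__main__":
    cases = [
        ("text", "3 > 2"),        # the documentation's original literal
        ("text", "3 < 2"),        # the literal proposed in the ticket
        ("text", "x<y and y>z"),  # constructed: "<" directly before a letter
        ("attr", "3>2"),          # constructed: ">" inside a tag
    ]
    for context, literal in cases:
        for escaped in (False, True):
            tags, text = render_and_parse(context, literal, escaped)
            print(f"{context:4} {literal!r:14} escaped={escaped!s:5} "
                  f"tags={[t for t, _ in tags]} text={text!r}")
```

Escaping both characters yields the same text in every context, while the raw literal is only intact in some of them.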

comment:5 by Malcolm Tredinnick, 16 years ago

Resolution: fixed
Status: new → closed

(In [7811]) Changed a documentation example that wasn't wrong to stop complaints.

Fixed #7544.

comment:6 by Jacob, 12 years ago

milestone: 1.0

Milestone 1.0 deleted
