Opened 8 years ago

Closed 8 years ago

Last modified 5 years ago

#7544 closed (fixed)

Documentation mistake when using an escaping example

Reported by: lukejackson
Owned by: Marc Garcia
Component: Documentation
Version: master
Severity:
Keywords: template escape safe
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

On: http://www.djangoproject.com/documentation/templates/, it gives an example of a string that you definitely need to escape:

{{ data|default:"3 > 2" }} <-- Bad! Don't do this.

However, the > symbol doesn't need to be escaped outside of the inner contents of a tag. Perhaps a better example would be the < character.

The documentation is great, btw, very easy to read and accessible.

Attachments (2)

index.html (375 bytes) - added by Marc Garcia 8 years ago.
Testing file for html validation
7544.diff (485 bytes) - added by Marc Garcia 8 years ago.
Patch with a better example on documentation.


Change History (8)

comment:1 Changed 8 years ago by lukejackson

Changed 8 years ago by Marc Garcia

Attachment: index.html added

Testing file for html validation

comment:2 Changed 8 years ago by Marc Garcia

milestone: 1.0
Owner: changed from nobody to Marc Garcia
Triage Stage: Unreviewed → Accepted

I couldn't find any documentation about it, but I tried the attached file on http://validator.w3.org/ and the ticket report is correct, so the validator only complains about the less-than character, not the greater-than.

Changed 8 years ago by Marc Garcia

Attachment: 7544.diff added

Patch with a better example on documentation.

comment:3 Changed 8 years ago by Marc Garcia

Has patch: set
Summary: Small suggestion for template example change → Documentation mistake when using an escaping example
Triage Stage: Accepted → Ready for checkin

Documentation modified to use an example that actually isn't correct.

Definitely, Django is a web framework for perfectionists... ;)

comment:4 Changed 8 years ago by Malcolm Tredinnick

There's actually nothing wrong with this example. It's a fragment of a template and what's to say it isn't wrapped in a tag in the rest of the template? It would also be bad practice to leave the "<" unescaped, since if you later did end up wrapping it inside something that needed it to be escaped, you would introduce problems.
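
The context dependence argued over in this ticket, as an added example that is not part of the ticket or of Django's documentation: Python's standard `html.parser` reads the same literal rendered between tags and inside a tag, raw and escaped. The two surrounding templates and the space-free literal `3>2` are assumptions made for the demonstration.

```python
from html import escape
from html.parser import HTMLParser


class Recorder(HTMLParser):
    """Collect the attributes and text a parser recovers from markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.attrs = {}
        self.text = ""

    def handle_starttag(self, tag, attrs):
        self.attrs.update(attrs)

    def handle_data(self, data):
        self.text += data


# Hypothetical surrounding templates; "{}" marks where the literal is rendered.
TEXT_CONTEXT = "<p>{}</p>"        # between tags
TAG_CONTEXT = "<input value={}>"  # inside a tag, as an unquoted attribute value

# Constructed sample: the ticket's "3 > 2" with the spaces dropped, because an
# unquoted attribute value cannot contain whitespace.
LITERAL = "3>2"


def recovered(template, literal):
    """Render literal into template; return (value the parser saw, stray text)."""
    parser = Recorder()
    parser.feed(template.format(literal))
    parser.close()
    if template == TAG_CONTEXT:
        return parser.attrs.get("value"), parser.text
    return parser.text, ""


if __name__ == "__main__":
    for name, template in (("text", TEXT_CONTEXT), ("tag", TAG_CONTEXT)):
        for label, value in (("raw", LITERAL), ("escaped", escape(LITERAL))):
            print(f"{name:5} {label:8} {recovered(template, value)}")
```

Raw, the literal survives between tags but is cut to `3` inside the tag, with `2>` spilling out as text; escaped, it is recovered intact in both positions.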

comment:5 Changed 8 years ago by Malcolm Tredinnick

Resolution: fixed
Status: new → closed

(In [7811]) Changed a documentation example that wasn't wrong to stop complaints.

Fixed #7544.

comment:6 Changed 5 years ago by Jacob

milestone: 1.0

Milestone 1.0 deleted
