#7544 closed (fixed)
Documentation mistake when using an escaping example
Reported by: | lukejackson | Owned by: | Marc Garcia |
---|---|---|---|
Component: | Documentation | Version: | dev |
Severity: | Keywords: | template escape safe | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
On: http://www.djangoproject.com/documentation/templates/, it gives an example of a string that you definitely need to escape:
{{ data|default:"3 > 2" }} <-- Bad! Don't do this.
However, the > symbol doesn't need to be escaped outside of the inner contents of a tag. Perhaps a better example would be the < character.
The documentation is great, btw, very easy to read and accessible.
Attachments (2)
Change History (8)
comment:1 by , 17 years ago
by , 17 years ago
Attachment: | index.html added |
---|
comment:2 by , 17 years ago
milestone: | → 1.0 |
---|---|
Owner: | changed from | to
Triage Stage: | Unreviewed → Accepted |
I couldn't found any documentation about it, but I tried attached file on http://validator.w3.org/ and ticket report is correct, so validator only complains for lesser than character, not greater than.
comment:3 by , 17 years ago
Has patch: | set |
---|---|
Summary: | Small suggestion for template example change → Documentation mistake when using an escaping example |
Triage Stage: | Accepted → Ready for checkin |
Documentation modified for using an example that actually isn't correct.
Definitely, Django is a web framework for perfectionists... ;)
comment:4 by , 17 years ago
There's actually nothing wrong with this example. It's a fragment of a template and what's to say it isn't wrapped in a tag in the rest of the template? It would also be bad practice to leave the "<" unescaped, since if you later did end up wrapping it inside something that needed it to be escaped, you would introduce problems.
comment:5 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Testing file for html validation