Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#8959 closed (fixed)

Remove calls to escape in new comments framework templates

Reported by: zgoda Owned by: adrian
Component: contrib.comments Version: master
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


As autoescaping is in place with current Django, escaping values in templates is not necessary. Attached patch fixes this.

Attachments (1)

contrib-comments-escaping.diff (5.2 KB) - added by zgoda 8 years ago.
Removing calls to escape in templates

Download all attachments as: .zip

Change History (6)

Changed 8 years ago by zgoda

Removing calls to escape in templates

comment:1 Changed 8 years ago by thejaswi_puthraya

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Design decision needed

True, but I don't see anything wrong with keeping it on. It's better to be safe than never. Marking it DDN for some core-devs to comment on this.

comment:2 Changed 8 years ago by zgoda

Sure, nothing wrong. It's just for consistency.

comment:3 Changed 8 years ago by adrian

  • Owner changed from nobody to adrian
  • Status changed from new to assigned
  • Triage Stage changed from Design decision needed to Accepted

It's worth removing those unnecessary "escape" filters, given that they're redundant and cause a slight be of extra overhead. I will review and check in the patch.

comment:4 Changed 8 years ago by adrian

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [9000]) Fixed #8959 -- Removed redundant calls to the 'escape' template filter in the django.contrib.comments templates. Thanks, zgoda

comment:5 Changed 7 years ago by anonymous

  • milestone post-1.0 deleted

Milestone post-1.0 deleted

Note: See TracTickets for help on using tickets.
Back to Top