#8959 closed (fixed)
Remove calls to escape in new comments framework templates
| Reported by: | Jarek Zgoda | Owned by: | Adrian Holovaty |
|---|---|---|---|
| Component: | contrib.comments | Version: | master |
| Severity: | Keywords: | ||
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
As autoescaping is in place with current Django, escaping values in templates is not necessary. Attached patch fixes this.
Attachments (1)
Change History (6)
Changed 10 years ago by
| Attachment: | contrib-comments-escaping.diff added |
|---|
comment:1 Changed 10 years ago by
| Triage Stage: | Unreviewed → Design decision needed |
|---|
True, but I don't see anything wrong with keeping it on. It's better to be safe than never. Marking it DDN for some core-devs to comment on this.
comment:3 Changed 10 years ago by
| Owner: | changed from nobody to Adrian Holovaty |
|---|---|
| Status: | new → assigned |
| Triage Stage: | Design decision needed → Accepted |
It's worth removing those unnecessary "escape" filters, given that they're redundant and cause a slight be of extra overhead. I will review and check in the patch.
comment:4 Changed 10 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note: See
TracTickets for help on using
tickets.
Removing calls to escape in templates