Code

Changes between Version 6 and Version 7 of AutoEscape alternative


Ignore:
Timestamp:
04/18/07 01:30:20 (7 years ago)
Author:
SmileyChris
Comment:

less strawman-y :P

Legend:

Unmodified
Added
Removed
Modified
  • AutoEscape alternative

    v6 v7  
    11= AutoEscaping Alternative = 
    22 
    3 The current AutoEscaping proposal has met arguments on several fronts: 
    4  
    5  * Too magic 
    6  * Too implicit 
    7  * HTML escaping only 
    8  
    9 This alternative proposal attempts to provide a concise solution that answers these arguments: 
    10  
    11 == Suggested Solution == 
    12  
    13 Escaping only matters for !VariableNodes (`{{ object.name }}` tags). A filter is usually applied to each of these nodes. 
     3Escaping is important for !VariableNodes (`{{ object.name }}` tags). A filter is usually applied to each of these nodes. 
    144The straight-forward solution is to provide a block tag which can automatically add filters (for html escaping, `|escape`) to any variable tag defined within the block. 
    155 
     
    2010To avoid unwanted double escaping, if a tag explictly already uses a filter declared in `finalfilter`, it will not be added again. 
    2111 
    22 == Not too magic == 
     12== Keep it Simple == 
    2313 
    24 There is no magical code hidden underneath deciding on what should be escaped. All that's happening is one or more common filters are being applied automatically to every variable tag defined within the `finalfilter` block. 
     14There is no complex code hidden underneath deciding on what should/shouldn't be escaped. All that's happening is one or more common filters are being applied automatically to every variable tag defined within the `finalfilter` block. 
    2515 
    26 == Not too implicit == 
     16== Explicit is good == 
    2717 
    2818The template author has to use `finalfilter` explicitly. It ''does'' work across `{% extend %}`ed pages however, but some amount of implicitness is required for this to be a useful tag.