Changes between Version 6 and Version 7 of AutoEscape alternative
- Timestamp:
- Apr 18, 2007, 3:30:20 AM (18 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
AutoEscape alternative
v6 v7 1 1 = AutoEscaping Alternative = 2 2 3 The current AutoEscaping proposal has met arguments on several fronts: 4 5 * Too magic 6 * Too implicit 7 * HTML escaping only 8 9 This alternative proposal attempts to provide a concise solution that answers these arguments: 10 11 == Suggested Solution == 12 13 Escaping only matters for !VariableNodes (`{{ object.name }}` tags). A filter is usually applied to each of these nodes. 3 Escaping is important for !VariableNodes (`{{ object.name }}` tags). A filter is usually applied to each of these nodes. 14 4 The straight-forward solution is to provide a block tag which can automatically add filters (for html escaping, `|escape`) to any variable tag defined within the block. 15 5 … … 20 10 To avoid unwanted double escaping, if a tag explictly already uses a filter declared in `finalfilter`, it will not be added again. 21 11 22 == Not too magic==12 == Keep it Simple == 23 13 24 There is no magical code hidden underneath deciding on what shouldbe escaped. All that's happening is one or more common filters are being applied automatically to every variable tag defined within the `finalfilter` block.14 There is no complex code hidden underneath deciding on what should/shouldn't be escaped. All that's happening is one or more common filters are being applied automatically to every variable tag defined within the `finalfilter` block. 25 15 26 == Not too implicit==16 == Explicit is good == 27 17 28 18 The template author has to use `finalfilter` explicitly. It ''does'' work across `{% extend %}`ed pages however, but some amount of implicitness is required for this to be a useful tag.