The current AutoEscaping proposal has met arguments on several fronts: * Too magic * Too implicit * HTML escaping only This alternative proposal attempts to provide a concise solution that answers these arguments: = Suggested Solution = Escaping only matters for !VariableNodes (`{{ object.name }}` tags). A filter is usually applied to each of these nodes. The straight-forward solution is to provide a block tag which can automatically add filters (for html escaping, `|escape`) to any variable tag defined within the block. '''The solution is to provide a `{% finalfilter %}` block tag'''. If a tag has already been "finalized" in the view (ie. it doesn't need the filters added to it), a specific new filter `|finalized` can be added to that variable tag. If a tag explictly already uses the filter, it will not be added again. == Not too magic == There is no magical code hidden underneath to worry about. All that's happening is one or more common filters are being applied automatically to every variable tag defined within the `finalfilter` block. == Not too implicit == The template author has to use it explicitly. It ''does'' work across `{% extend %}`ed pages however, but some amount of implicitness is required for this to be a useful tag. == Not just HTML escaping == Any filter can be used with the `finalfilter` tag. = Example = `base.html`: {{{ {% load filtertags %} {% finalfilter escape %} Test Escaping
{% block content %}{% endblock %}
{% endfinalfilter %} }}} `index.html`: {{{ {% extends "base.htm" %} {% block content %}

{% object.title %}

{% object.details %}

{% endblock %} }}} `edit.html` {{{ {% extends "base.html" %} {% block content %}

Edit {% object.title %}

{% finalfilter finalized %}

{{ form.title }}

{{ form.details }}

{% endfinalfilter %} {% endblock %} }}}