Version 1 (modified by 19 years ago) ( diff ) | ,
---|
The current AutoEscaping proposal has met arguments on several fronts:
- Too magic
- Too implicit
- HTML escaping only
This alternative proposal attempts to provide a concise solution that answers these arguments:
Suggested Solution ¶
Escaping only matters for VariableNodes ({{ object.name }}
tags). A filter is usually applied to each of these nodes.
The straight-forward solution is to provide a block tag which can automatically add filters (for html escaping, |escape
) to any variable tag defined within the block.
The solution is to provide a {% finalfilter %}
block tag.
If a tag has already been "finalized" in the view (ie. it doesn't need the filters added to it), a specific new filter |finalized
can be added to that variable tag.
If a tag explictly already uses the filter, it will not be added again.
Not too magic ¶
There is no magical code hidden underneath to worry about. All that's happening is one or more common filters are being applied automatically to every variable tag defined within the finalfilter
block.
Not too implicit ¶
The template author has to use it explicitly. It does work across {% extend %}
ed pages however, but some amount of implicitness is required for this to be a useful tag.
Not just HTML escaping ¶
Any filter can be used with the finalfilter
tag.
Example ¶
base.html
:
{% load filtertags %} {% finalfilter escape %} <head> <title>Test Escaping</title> </head> <body> <div id="content"> {% block content %}{% endblock %} </div> </body> </html> {% endfinalfilter %}
index.html
:
{% extends "base.htm" %} {% block content %} <h1>{% object.title %}</h1> <p>{% object.details %}</p> {% endblock %}
edit.html
{% extends "base.html" %} {% block content %} <h1>Edit {% object.title %}</h1> {% finalfilter finalized %} <p><label for="id_title">Title</label> {{ form.title }}</p> <p><label for="id_details">Details</label> {{ form.details }}</p> {% endfinalfilter %} {% endblock %}
Attachments (2)
-
filtertags.py
(4.8 KB
) - added by 19 years ago.
finalfilter
template tag -
filtertags.2.py
(3.9 KB
) - added by 18 years ago.
Newer, simpler implementation
Download all attachments as: .zip