The current AutoEscaping proposal has met arguments on several fronts:
* Too magic
* Too implicit
* HTML escaping only
This alternative proposal attempts to provide a concise solution that answers these arguments:
= Suggested Solution =
Escaping only matters for !VariableNodes (`{{ object.name }}` tags). A filter is usually applied to each of these nodes.
The straight-forward solution is to provide a block tag which can automatically add filters (for html escaping, `|escape`) to any variable tag defined within the block.
'''The solution is to provide a `{% finalfilter %}` block tag'''.
If a tag has already been "finalized" in the view (ie. it doesn't need the filters added to it), a specific new filter `|finalized` can be added to that variable tag.
To avoid unwanted double escaping, if a tag explictly already uses a filter declared in `finalfilter`, it will not be added again.
== Not too magic ==
There is no magical code hidden underneath deciding on what should be escaped. All that's happening is one or more common filters are being applied automatically to every variable tag defined within the `finalfilter` block.
== Not too implicit ==
The template author has to use `finalfilter` explicitly. It ''does'' work across `{% extend %}`ed pages however, but some amount of implicitness is required for this to be a useful tag.
== Not just HTML escaping ==
Any filter can be used with the `finalfilter` tag.
= Example =
`base.html`:
{{{
{% load filtertags %}
{% finalfilter escape %}
Test Escaping
{% block content %}{% endblock %}