
Changes between Version 58 and Version 59 of VersionOneFeatures


Timestamp:
01/16/07 12:48:07 (7 years ago)
Author:
Gary Wilson <gary.wilson@…>
Comment:

added links to wiki pages.

  • VersionOneFeatures

    v58 v59  
    7474For people trying to catch up on the discussion, there are a few long threads in the django-developers archives. Two good places to start are probably [http://groups.google.com/group/django-developers/browse_frm/thread/17d1dfecd67864ab?q=autoescape& an early discussion here] and the discussion around [http://groups.google.com/group/django-developers/browse_frm/thread/7caeb86c04b81f10/9ea28abb20020437?lnk=gst&q=autoescape+willison&rnum=1#9ea28abb20020437  the original patch]. -- Malcolm. 
    7575 
     76See also AutoEscaping and [wiki:"AutoEscape alternative" Autoescape alternative]. 
     77 
    7678I'm becoming more and more convinced that auto-escaping needs to be on by default. XSS holes totally compromise the security of your application - they are the "root" attack of the Web. They are stupidly easy to introduce - even Google has had them. If you aren't convinced, take a look at the notes I've collected about them: http://simonwillison.net/tags/xss/ -- Simon 
    7779 
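Review bot: The new "See also" line at v59 line 76 sits between Malcolm's signed comment and Simon's signed comment, so it can read as part of that discussion rather than as a pointer for the whole section; consider moving it above the signed comments. The link label "Autoescape alternative" also differs in case from its target page name "AutoEscape alternative", and matching the two would make the page easier to find by search.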
     
    7981 
    8082The latest description of the API and implementation details is in [http://groups.google.com/group/django-developers/browse_frm/thread/7d40ad373ebfa912/85244d55f259455d?lnk=gst&q=model+inheritance&rnum=4#85244d55f259455d this thread]. 
     83 
     84See also ModelInheritance. 
    8185 
    8286=== !DecimalField ===