Changes between Version 58 and Version 59 of VersionOneFeatures
- Timestamp:
- Jan 16, 2007, 2:48:07 PM (18 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
VersionOneFeatures
v58 v59 74 74 For people trying to catch up on the discussion, there are a few long threads in the django-developers archives. Two good places to start are probably [http://groups.google.com/group/django-developers/browse_frm/thread/17d1dfecd67864ab?q=autoescape& an early discussion here] and the discussion around [http://groups.google.com/group/django-developers/browse_frm/thread/7caeb86c04b81f10/9ea28abb20020437?lnk=gst&q=autoescape+willison&rnum=1#9ea28abb20020437 the original patch]. -- Malcolm. 75 75 76 See also AutoEscaping and [wiki:"AutoEscape alternative" Autoescape alternative]. 77 76 78 I'm becoming more and more convinced that auto-escaping needs to be on by default. XSS holes totally compromise the security of your application - they are the "root" attack of the Web. They are stupidly easy to introduce - even Google has had them. If you aren't convinced, take a look at the notes I've collected about them: http://simonwillison.net/tags/xss/ -- Simon 77 79 … … 79 81 80 82 The latest description of the API and implementation details is in [http://groups.google.com/group/django-developers/browse_frm/thread/7d40ad373ebfa912/85244d55f259455d?lnk=gst&q=model+inheritance&rnum=4#85244d55f259455d this thread]. 83 84 See also ModelInheritance. 81 85 82 86 === !DecimalField ===