Changes between Version 71 and Version 72 of VersionOneFeatures


Timestamp: 11/14/07 17:07:56 (6 years ago)
Author: mtredinnick
Comment: Updated a little

  • VersionOneFeatures

    v71 v72  
    1515|| test fixtures                   || Russ        || No           || done                              || #2333 || 
    1616|| [#RootViewandURLReversal root views/url reversal]|| ?  || Yes  || Not started                       || #2977 || 
    17 || [#Autoescape autoescape]        || Malcolm     || No           || almost there                      || #2359 || 
     17|| [#Autoescape autoescape]        || Malcolm     || Yes           || done                      || #2359 || 
    1818|| [#ModelInheritance model inheritance] || Malcolm  || Unclear   || started                           ||    || 
    1919|| windows installers              || ?           || No           || not started                       ||    || 
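Review bot: The updated row at new line 17 still links to the in-page anchor [#Autoescape autoescape], but this same change deletes the "=== Autoescape ===" heading (old lines 68-83), so the link no longer resolves on this page. Point the row at the AutoEscaping wiki page instead, or keep a stub heading that carries the "See also AutoEscaping" line.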
     
    6666nobody of the core team has commented on this. 
    6767 
    68 === Autoescape === 
    69  
    70 Autoescape only changed APIs if it was on by default. But I've (Michael Radziej) followed 
    71 the discussion very closely, and I'm sure that the main reaction of the 
    72 community was strictly against this. autoescape is my own favorite pet, 
    73 but when I apply my own criteria, it wouldn't be a candidate for 1.0. 
    74 One could argue that it will deeply affect the way templates are written 
    75 and that they are an important step to make django applications safe, 
    76 but the consensus about it was not that strong. Or do we want to use it 
    77 in the admin? -- mir 
    78  
    79 For people trying to catch up on the discussion, there are a few long threads in the django-developers archives. Two good places to start are probably [http://groups.google.com/group/django-developers/browse_frm/thread/17d1dfecd67864ab?q=autoescape& an early discussion here] and the discussion around [http://groups.google.com/group/django-developers/browse_frm/thread/7caeb86c04b81f10/9ea28abb20020437?lnk=gst&q=autoescape+willison&rnum=1#9ea28abb20020437  the original patch]. -- Malcolm. 
    80  
    81 See also AutoEscaping and [wiki:"AutoEscape alternative" Autoescape alternative]. 
    82  
    83 I'm becoming more and more convinced that auto-escaping needs to be on by default. XSS holes totally compromise the security of your application - they are the "root" attack of the Web. They are stupidly easy to introduce - even Google has had them. If you aren't convinced, take a look at the notes I've collected about them: http://simonwillison.net/tags/xss/ -- Simon 
    8468 
    8569=== Model Inheritance === 
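Review bot: Deleting the whole "=== Autoescape ===" section (old lines 68-83) also drops the two django-developers thread links and the "See also AutoEscaping" pointer, along with the stated rationale that ties on-by-default escaping to XSS. With the table row now marked "done", keep a short section that retains the "See also AutoEscaping and [wiki:"AutoEscape alternative" Autoescape alternative]" line and the archive links, or move them to the AutoEscaping page before removing them here.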
     
    8973See also ModelInheritance. 
    9074 
    91 === !DecimalField === 
    92  
    93 models.!FloatField would always return floats (not Decimals), and 
    94 introspection of DECIMAL columns would yield !DecimalFields (not 
    95 !FloatField).  The parameters to !FloatField would also change (no 
    96 precision, etc.).  
    97  
    98 See also [http://groups.google.com/group/django-developers/browse_thread/thread/852e0115b2535be9/dc496ed3a5d5429e#dc496ed3a5d5429e this thread]. 
    99  
    10075=== Middleware ordering === 
    10176
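Review bot: The "=== !DecimalField ===" section (old lines 91-98) is removed, but none of the visible table rows shows a !DecimalField entry changing status and the change comment only says "Updated a little", so a reader cannot tell whether the !FloatField/!DecimalField change landed or was dropped. Since the removed text describes a changed return type and changed parameters for !FloatField, record the outcome in the change comment or leave a one-line pointer to the linked thread.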