On Mar 2, 2006, at 3:16 PM, Michael Radziej wrote:
> Now, did I miss something and is this already fixed? Should this be
> treated differently? How do other people handle this?

The problem in the admin was fixed in [1982]:
http://code.djangoproject.com/changeset/1982; in your own templates you'll
want to use the "escape" filter
(http://www.djangoproject.com/documentation/templates/#escape) on any
potentially dangerous entries.

Why not do it for all variables? At times you want to pass chunks of  
HTML into a template that get displayed raw.  I don't think the  
behavior you suggest should be default, but do you have any ideas on  
how to make it optional?  It certainly could be useful in certain cases.

Jacob
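
An added illustration, not part of Jacob's message and not Django's own code: a minimal stand-in renderer for the opt-in model discussed above, where a variable is output raw unless the template applies the "escape" filter. The names `render` and `unescaped_variables`, the sample context and the use of Python's `html.escape` in place of the filter are all assumptions made for this example.

```python
import html
import re

# Matches {{ name }} and {{ name|escape }}. A stand-in for the template syntax
# discussed above, not Django's own parser.
_VAR = re.compile(r"\{\{\s*(\w+)\s*(?:\|\s*(\w+)\s*)?\}\}")


def render(template, context):
    """Render variables raw unless the template asks for the escape filter."""
    def substitute(match):
        name, filter_name = match.group(1), match.group(2)
        value = str(context.get(name, ""))
        if filter_name is None:
            return value  # opt-in model: no filter means no escaping
        if filter_name == "escape":
            return html.escape(value, quote=True)
        raise ValueError(f"unknown filter: {filter_name}")
    return _VAR.sub(substitute, template)


def unescaped_variables(template):
    """List variables a template outputs without the escape filter (review aid)."""
    return [m.group(1) for m in _VAR.finditer(template) if m.group(2) is None]


# Constructed sample data: one trusted HTML chunk, one user-supplied value.
CONTEXT = {
    "sidebar": "<ul><li>Home</li></ul>",
    "comment": '<script>alert("x")</script>',
}
TEMPLATE = "<div>{{ sidebar }}</div><p>{{ comment|escape }}</p>"
FORGOTTEN = "<div>{{ sidebar }}</div><p>{{ comment }}</p>"

if __name__ == "__main__":
    print(render(TEMPLATE, CONTEXT))       # comment is neutralised
    print(render(FORGOTTEN, CONTEXT))      # comment reaches the page as markup
    print(unescaped_variables(FORGOTTEN))  # every raw output needs a trust decision
```

The review helper shows the cost of the opt-in default: the trusted `sidebar` and the forgotten `comment` look identical in the template, so each raw variable has to be checked by hand.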
