[EMAIL PROTECTED] wrote: > that's why i suggest looking at this as a data validation issue. (not > simply as escaping) we do lots of validation in the model already.
But it is an escaping issue. There's nothing wrong with allowing html to be entered in (for example) a comment field. It should be escaped in most templates, but sometimes not, for example if there was a plain-text email of comments that gets sent. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers -~----------~----~----~----~------~----~------~--~---
