On 1/12/07, Chris Nelson <[EMAIL PROTECTED]> wrote: > I would prefer that auto-escaping didn't make it into Django. It may be > an overly utopian ideal, but I think > security issues, including escaping, should be a conscious effort > involving research and understanding of the > situation. Without that, it's like blindly adding bandaids to your > application hoping they'll keep the holes closed. > > Besides, auto-escaping reminds me of PHP's "magic quotes" and we all > know how well that turned out... :)
This comment set off all of my here-comes-a-200-message-mailing-list-saga alarms, so before anybody responds to this, *please* start the response in another mailing-list thread. Adrian -- Adrian Holovaty holovaty.com | djangoproject.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
