Hi, Sorry I'm late to this thread. I've been working hard on i18n.
Luke Plant wrote: > Logically I would expect the following 3 to produce the same output: > > 1) I use mark_safe on my safe input string and use addslashes to add > the slashes > > Template("{{ val|addslashes }}").render( > Context({'val': mark_safe("Joe's string")}, > autoescape=rtfescape) > ) > > 2) I don't use mark_safe on my safe input string and use addslashes to > add the slashes > > Template("{{ val|addslashes }}").render( > Context({'val': "Joe's string"}, > autoescape=rtfescape) > ) > > 3) I manually 'apply' addslashes. > > Template("{{ val }}").render( > Context({'val': "Joe\\'s string"}, > autoescape=rtfescape) > ) > > But these do not produce the same output - 1 is different from 2 and 3, > and is not what I intend. > Just for clarity could you say what the three outputs would be? 1) Joe\'s string 2) Joe\\'s string 3) Joe\\'s string ? I would say that you would need to be aware of the escaping rules of the mark up you are templating when writing your template, just like you need to be aware of html escaping rules when you do any of these: 1) Template("{{ val|force_escape }}").render( Context({'val': mark_safe("This & that")}) ) 2) Template("{{ val|force_escape }}").render( Context({'val': "This & that"}) ) 3) Template("{{ val }}").render( Context({'val': "This & that"}) ) If you don't have knowledge of the escaping rules, and base the filters you use based on that knowledge, you're in the same situation. Flipped around, though, the |upper filter is not safe (in html and in django), so that would mean that Template("{{ val|upper }}").render( Context({'val': mark_safe("Joe\\'s string")}, autoescape=rtfescape) Would unexpectedly escape Joe's string to "JOE\\\\'S STRING", even though upper is not unsafe in rtf. That means that the safe-ness or not of each filter is determined by the template markup being prepared. So I see your point, and I see why it adds unwanted mess to Django. I just thought I'd give more points of information. I'll probably even remove the feature from Grantlee when I can, so thanks for the discussion. All the best, Steve. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.