On Wednesday, August 19, 2020 at 2:01:51 AM UTC+2 cur...@tinbrain.net wrote:
> Seems related to something I learned early in my web career... about not > storing values escaped, because you don't know which medium it needs > escaping for -- e.g. HTML needs different escaping than URLs. > Exactly, this is the way to go. I'd switch any security firm that complains about "allowing special characters" in security audits in a heartbeat. -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/5bfa7411-67e5-414d-bd52-f5162b26db73n%40googlegroups.com.