Migrating into Django 1.9; question about autoescape

Tue, 13 Feb 2018 08:53:59 -0800 

Hello all,

I have the task of migrating a very old website from Django 1.7 to either 
Django 1.11 or 2.0, depending on the effort.

My plan is to go from 1.7 --> 1.8 --> 1.9 -->1.10 --> 1.11, adapting the 
codebase as I go.  It's been easy enough until I arrive at 1.9, and the 
change in template-rendering in which "autoescape" defaults to "on".

Now a lot of my payload is arriving at the browser with my HTML tags 
escaped.  For example,

    <button>       gets rendered as        &lt;button&gt;

I have no argument with the autoescape-on default setting.  But I am unsure 
how to proceed, and how large the effort will be.  As background, I am a 
seasoned back-end programmer and a lightweight in HTML and template issues.

I see these alternatives.  Are there any others?


   1. Get to the Template Engine object and set its autoescape attribute to 
   "off".  This loses the protection that autoescape-on provides, restores the 
   Django 1.8 behavior, and let me proceed with the smallest amount of effort.
   
   Is this the template engine I need?  
"django.core.context_processors.request"  
   And how do I get to the object?
   
   2. Visit all of my HTML files and put "{% autoescape off %}" everywhere.
   
   I put "{% autoescape off %}" in my base.html, and it partially solved 
   the problem.  But it did not get everything.
   
   This is a medium amount of effort, and if I make a mistake the users 
   will have a bad experience.
   
   3. Visit all of my code and all of my templates, carefully converting 
   into the world of autoescape-on.

Thanks in advance,

  ---  Bill Torcaso

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/ada6d206-7daa-4c9f-a124-dab988909093%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to