At first, I would do your step 1.  I would check for any other errors in Django 
1.8, and then proceed with updating to 1.9 -> 1.10 -> 1.11 -> 2.0.  You are 
probably going to find other issues that need to be resolved in those upgrades. 
 Ultimately, you will probably have to do step 3.  I wouldn’t do step 2 since 
you’ll be updating all of your templates.  If you are going to update all your 
templates, you might as well just do step 3.

From: django-users@googlegroups.com [mailto:django-users@googlegroups.com] On 
Behalf Of Bill Torcaso
Sent: Tuesday, February 13, 2018 8:54 AM
To: Django users
Subject: Migrating into Django 1.9; question about autoescape


Hello all,

I have the task of migrating a very old website from Django 1.7 to either 
Django 1.11 or 2.0, depending on the effort.

My plan is to go from 1.7 --> 1.8 --> 1.9 -->1.10 --> 1.11, adapting the 
codebase as I go.  It's been easy enough until I arrive at 1.9, and the change 
in template-rendering in which "autoescape" defaults to "on".

Now a lot of my payload is arriving at the browser with my HTML tags escaped.  
For example,

    <button>       gets rendered as        &lt;button&gt;

I have no argument with the autoescape-on default setting.  But I am unsure how 
to proceed, and how large the effort will be.  As background, I am a seasoned 
back-end programmer and a lightweight in HTML and template issues.

I see these alternatives.  Are there any others?


  1.  Get to the Template Engine object and set its autoescape attribute to 
"off".  This loses the protection that autoescape-on provides, restores the 
Django 1.8 behavior, and lets me proceed with the smallest amount of effort.

Is this the template engine I need?  "django.core.context_processors.request"  
And how do I get to the object?

  2.  Visit all of my HTML files and put "{% autoescape off %}" everywhere.

I put "{% autoescape off %}" in my base.html, and it partially solved the 
problem.  But it did not get everything.

This is a medium amount of effort, and if I make a mistake the users will have 
a bad experience.

  3.  Visit all of my code and all of my templates, carefully converting into 
the world of autoescape-on.

Thanks in advance,

  ---  Bill Torcaso
--
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/ada6d206-7daa-4c9f-a124-dab988909093%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
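
An added example, not part of the original thread: a small standard-library Python scanner that lists every `{{ ... }}` expression a template renders without escaping, which gives a review list for options 2 and 3 discussed above. The function name, the sample template and the filter-splitting heuristic are assumptions; it works on one file at a time and does not follow `{% extends %}` or `{% include %}`.

```python
import re

# Matches Django template tags ({% ... %}) and variable expressions ({{ ... }}).
TOKEN = re.compile(r"\{%\s*(.*?)\s*%\}|\{\{\s*(.*?)\s*\}\}", re.S)

# Constructed sample template (not from the thread).
SAMPLE = """<h1>{{ title }}</h1>
{% autoescape off %}
  <div>{{ body_html }}</div>
  <p>{{ comment|escape }}</p>
{% endautoescape %}
<span>{{ widget|safe }}</span>
<p>{{ footer }}</p>
"""

def unescaped_outputs(source, default_autoescape=True):
    """Return (line, expression, reason) for each {{ }} rendered unescaped.

    Heuristic: filters are split on '|', so a filter argument containing '|'
    is misread; {# #}, {% comment %} and {% verbatim %} are not handled.
    """
    stack = [default_autoescape]  # autoescape state, innermost block last
    findings = []
    for m in TOKEN.finditer(source):
        tag, var = m.group(1), m.group(2)
        line = source.count("\n", 0, m.start()) + 1
        if tag is not None:
            words = tag.split()
            if words[:1] == ["autoescape"] and len(words) == 2:
                stack.append(words[1] == "on")
            elif words[:1] == ["endautoescape"] and len(stack) > 1:
                stack.pop()
            continue
        filters = [f.split(":")[0].strip() for f in var.split("|")[1:]]
        if "escape" in filters or "force_escape" in filters:
            continue  # escaped explicitly, even inside an autoescape-off block
        if "safe" in filters or "safeseq" in filters:
            findings.append((line, var, "safe filter"))
        elif not stack[-1]:
            findings.append((line, var, "autoescape off"))
    return findings

if __name__ == "__main__":
    for finding in unescaped_outputs(SAMPLE):
        print(finding)
```

Passing `default_autoescape=False` models option 1, where the engine-wide setting is off and every expression without an explicit `escape` filter is reported.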
