On Sat, 2008-09-20 at 20:42 +0400, Ivan Sagalaev wrote:
> tsmets wrote:
> > OK !
> > I found it : http://code.djangoproject.com/wiki/AutoEscaping
> >
> > {% autoescape off %}
> > {{ body }}
> > {% endautoescape %}
>
> Or just {{ body|safe }}.
>
> Better yet, the thing that creates colorizedCode should mark it as
> "safe" (i.e. not requiring escaping) in this fashion:
>
> from django.utils.safestring import mark_safe
> def colorize():
>     # ...
>     return mark_safe(result)

Although if you ever write anything like that you are also responsible for escaping the existing code. I've seen a number of code fragments around where people throw in mark_safe() (or use the "safe" filter in templates) without first having actually made the contents safe by escaping it first. When you call mark_safe() you are saying that you know that any dangerous content (HTML special characters) has already been handled appropriately and that's not an optional step.

Regards,
Malcolm
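
An added example, not part of the original thread: a toy colorizer written both ways, once calling mark_safe() on unescaped input and once escaping every piece of the input before adding its own markup. The names colorize_unsafe, KEYWORDS, TOKEN and SAMPLE are hypothetical, and the ImportError fallback is an assumption made so the block also runs where Django is not installed.

```python
import re

try:
    from django.utils.html import escape
    from django.utils.safestring import mark_safe
except ImportError:
    # Assumption: stand-ins so the example also runs without Django installed.
    from html import escape
    mark_safe = str

KEYWORDS = {"if", "else", "return", "def", "print"}
# Split into identifier-like words and everything else, keeping every character.
TOKEN = re.compile(r"[A-Za-z_]\w*|[^A-Za-z_]+")


def colorize_unsafe(source):
    """Anti-pattern: adds markup, never escapes, then claims the result is safe."""
    out = []
    for tok in TOKEN.findall(source):
        out.append('<span class="kw">%s</span>' % tok if tok in KEYWORDS else tok)
    return mark_safe("".join(out))


def colorize(source):
    """Escape every piece of the untrusted input; only our own tags stay raw."""
    out = []
    for tok in TOKEN.findall(source):
        text = escape(tok)
        out.append('<span class="kw">%s</span>' % text if tok in KEYWORDS else text)
    return mark_safe("".join(out))


# Constructed sample input: a code fragment that contains HTML special characters.
SAMPLE = 'if x < 1: print("<b>hi</b>")'

if __name__ == "__main__":
    print(colorize_unsafe(SAMPLE))  # the <b> tag from the input reaches the page as markup
    print(colorize(SAMPLE))         # the input's <, > and " arrive as entities
```

Both functions return a string that the template engine will no longer escape, so the only protection left is whatever escaping happened before mark_safe() was called.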

