AFAIK, HTML escaping is done by using 'h' filter. Like this: ${'<html></html>' | h} will render '<html></html>'
Sorry, don't know about auto-closing HTML tags.. I guess there's no such functionality in Mako by default, but you can use some filter just like HTML escaping one. On 5/6/07, Qiangning Hong <[EMAIL PROTECTED]> wrote: > > > I'm porting from genshi to mako for my blog application, and found two > important features lack in mako: > > 1. auto html escaping. I must escape explicitly in mako to avoid XSS > attack. It's error-prone, but i can live with that. > 2. auto close open tags in HTML. In genshi, HTML() function will > close open tags automatically. e.g. HTML('<i>asdf') will produce > '<i>asdf</i>'. It can avoid users' input to mess up with the page > layout, that's very important for a system allowing users to input > html directly. > > Is there an equivalent in mako? > > > > > -- WBR, Dan Korostelev --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---