Hi,
Some time ago, I wrote something in this direction, it's a Template
subclass that escapes all variable nodes. I found that I don't use
it, but perhaps someone wants to build upon it. It works, but misses
a proper loader.
If you have a pre-formatted string, you have to turn it into an
On 14 Jun 2006, at 00:07, Rudolph wrote:
> I like your idea of explicitly turning it on or off globally in the
> settings. In addition to that idea I would suggest an option to set
> the
> behaviour for a whole Template, something like:
>
> tmpl = loader.get_template('example.csv')
> tmpl.auto
Simon Willison wrote:
>
>
> The ideal situation would be for auto_escape to be on by default, and
> let templates turn it off if they need to. This has serious backwards
> compatibility issues however.
the official opinion is that there's no backward-compatibility
guarantees before 1.0 any
Hi,
Just a message to the managers of the django website :
I get an error when I try to access the "Recent Code Changes" RSS feed
(on
the page http://www.djangoproject.com/weblog/)
the link generating the error is :
http://code.djangoproject.com/timeline?
Hi, everyone!
First: introduction. My name is Uros Trebec and I was lucky enough to
be
selected to implement my idea of "history tracking" in Django. I guess
at least some of you think this is a very nice feature to have in web
framework, so I would like to thank you all who voted for my Summer O
On 6/14/06, Ivan Sagalaev <[EMAIL PROTECTED]> wrote:
>
> Jay Parlar wrote:
> > So what I'm thinking, is to allow something like the following:
> >
> > class User(models.Model):
> > username = models.CharField(...)
> > avatar = models.ImageField(upload_to="users/" + self.username,
> > erase
Hi, all. First time caller here.
On 6/14/06, Simon Willison <[EMAIL PROTECTED]> wrote:
> In my opinion, there are three viable solutions:
>
> 1. auto_escape is on for ALL Django templates ALL the time. It may
> well be too late to do this due to backwards compatibility concerns.
>
Another concer
Fist up, apologies if I'm posting this in the wrong place and apologies
if this issues is covered somewhere else -- I searched for it but
couldn't find the answer I was looking for.
OK, I'm new to Django but have a quick, hopefully easy-to-answer
question,
I want to have a URL of the form
/path
Yes, it is possible, either using generic views or just views. What
way are you using?
On 6/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> I want to have a URL of the form
> /path/to/my/site/biographies/persons-name/ where 'persons-name' is a
> slug field for a class, but not the prim
[EMAIL PROTECTED] wrote:
> Fist up, apologies if I'm posting this in the wrong place and apologies
> if this issues is covered somewhere else -- I searched for it but
> couldn't find the answer I was looking for.
>
> OK, I'm new to Django but have a quick, hopefully easy-to-answer
> question,
>
[EMAIL PROTECTED] wrote:
> Fist up, apologies if I'm posting this in the wrong place and apologies
> if this issues is covered somewhere else -- I searched for it but
> couldn't find the answer I was looking for.
>
> OK, I'm new to Django but have a quick, hopefully easy-to-answer
> question,
>
Thanks... that was exactly what I was looking for!
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe fr
the problem is that there are multiple types of escaping. sql? html?
javascript? new-web-tech-of-the-day? do you escape them all, or just some?
personally, i don't like my framework to auto-munge my data behind my
back. esp. in ways that are not clearly defined and could change on a
whim. t
On 14 Jun 2006, at 14:44, Derek Anderson wrote:
> the problem is that there are multiple types of escaping. sql? html?
> javascript? new-web-tech-of-the-day? do you escape them all, or
> just some?
>
> personally, i don't like my framework to auto-munge my data behind my
> back. esp. in wa
the idea of it being in the model was more along the lines of validating
incoming data than it was munging outgoing. html is almost always
either acceptable or it's not in a given field. (per your example: who
want's arbitrary HTML allowed in a plain text email and not in a web
page?)
but i sti
On 6/14/06, Derek Anderson <[EMAIL PROTECTED]> wrote:
>
> the idea of it being in the model was more along the lines of validating
> incoming data than it was munging outgoing. html is almost always
> either acceptable or it's not in a given field. (per your example: who
> want's arbitrary HTML
On 14 Jun 2006, at 15:48, Derek Anderson wrote:
> the idea of it being in the model was more along the lines of
> validating
> incoming data than it was munging outgoing. html is almost always
> either acceptable or it's not in a given field. (per your example:
> who
> want's arbitrary HTM
On 6/14/06, Vladikio <[EMAIL PROTECTED]> wrote:
> Just a message to the managers of the django website :
> I get an error when I try to access the "Recent Code Changes" RSS
> feed (on
> the page http://www.djangoproject.com/weblog/)
>
> the link generating the error is :
>
Hmm. I see two different cases that get munched in the discussion:
a) You run data through some filter or inside a html tag where it shouldn't be
escaped.
For this, you (or the designer) need to specify this in the template.
b) Parts of the context are pre-assembled html or are already unesc
On 14-Jun-06, at 6:15 PM, [EMAIL PROTECTED] wrote:
> I want to have a URL of the form
> /path/to/my/site/biographies/persons-name/ where 'persons-name' is a
> slug field for a class, but not the primary key...is this possible?
yes - but make sure that even if it is not the primary key it is uni
On 6/14/06, Uros Trebec <[EMAIL PROTECTED]> wrote:
>
> 2.1. Basic models:
> To enable history tracking Bob has to create a sub-class for those
> models that he will like to track:
>
> class Post(models.Model):
> author = models.CharField(maxlength=100)
> tit
On 6/13/06, Brantley Harris <[EMAIL PROTECTED]> wrote:
> Custom manipulators are a pain. Could we think about integrating this
> cookbook recipie into Django? Or at least start a dialogue about
> improving this process.
>
> http://code.djangoproject.com/wiki/CookBookManipulatorCustomManipulator
> What do you think of auto escaping being on for .html templates and off for
> .txt templates?
Simon,
Sounds clean but consider:
a) The ever-present argument about file extensions & template syntax
(that we seemed to solve with MR)
b) These can't be so easily extended. For example, to switch yo
On 14 Jun 2006, at 17:19, oggie rob wrote:
> a) The ever-present argument about file extensions & template syntax
> (that we seemed to solve with MR)
> b) These can't be so easily extended. For example, to switch your
> entire app from non-escaping to escaping you have to rename all your
> files
On 6/14/06, Simon Willison <[EMAIL PROTECTED]> wrote:
>
> On 14 Jun 2006, at 17:19, oggie rob wrote:
>
> > a) The ever-present argument about file extensions & template syntax
> > (that we seemed to solve with MR)
> > b) These can't be so easily extended. For example, to switch your
> > entire app
Mind if I take a shot at it?
On 6/14/06, Adrian Holovaty <[EMAIL PROTECTED]> wrote:
>
> On 6/13/06, Brantley Harris <[EMAIL PROTECTED]> wrote:
> > Custom manipulators are a pain. Could we think about integrating this
> > cookbook recipie into Django? Or at least start a dialogue about
> > impro
Hi,
Derek Anderson mentioned the need for different kinds of escaping. So
maybe the syntax should be more something like:
{% autoescape xml on %}
and
{% autoescape javascript on %}
Rudolph
--~--~-~--~~~---~--~~
You received this message because you are subscr
Hi folks --
So the benefits of automatic escaping are pretty obvious --
protection from XSS attacks -- but I'm wary of a few details in the
existing proposals.
First, escaping everything by default complete breaks every existing
template. That's not necessarily a complete deal-breaker, but
Jacob Kaplan-Moss wrote:
> Hi folks --
>
> So the benefits of automatic escaping are pretty obvious --
> protection from XSS attacks -- but I'm wary of a few details in the
> existing proposals.
>
>
i completely agree that before doing such a global change, all
consequences will have to
Hi all
Have been playing around with dojo lately and started building widgets
to use in my django apps. Must say - although docs are sparse - dojo is
one helluva framework :)
While googling for input I came across ticket #13 and now I'm wondering
how much of those ideas and super sexy mockups
(oops, posted this before in the django users group)
I noticed http://code.djangoproject.com/ticket/2131 was marked as a
wontfix today with the comment, "Django isn't meant to serve static
files".
I don't want to go reopening the ticket, but couldn't this still be
useful functionality?
What if I
On 6/14/06, SmileyChris <[EMAIL PROTECTED]> wrote:
> I don't want to go reopening the ticket, but couldn't this still be
> useful functionality?
Well, I can certainly see Adrian's point in that ticket; Django really
isn't meant for handling static files, which is why there are huge
warnings all o
I realise there are better ways to send most files. I ask about this
because I'm looking at implementing that "special case" soon
(authenticating files via logged in user in Django), and I was just
wondering about ways to do it.
--~--~-~--~~~---~--~~
You received
gabor wrote:
> my guess is (b)
I think (b) is pretty much a given. Looking back in the developers
group history, I see this is a recurring problem that seems to keep
getting put in the "too hard" basket.
See:
http://groups.google.com/group/django-users/browse_thread/thread/21da889ecb9c63dd/145e3
SmileyChris wrote:
> I don't want to go reopening the ticket, but couldn't this still be
> useful functionality?
>
The regular HttpResponse already can serve files in some fashion:
f = open(filename)
return HttpResponse(f, mimetype='application/octet-stream')
Here the file-like object
Ivan Sagalaev wrote:
> The regular HttpResponse already can serve files in some fashion:
>
> f = open(filename)
> return HttpResponse(f, mimetype='application/octet-stream')
>
> Here the file-like object will work as an iterator sending one line at
> a time.
Thanks Ivan, this alleviates
Visit this site,
http://www.cybertyros.info
You can find and download from here:
Budha palm, Long hu men, Dragon of tang dynasty, twins,etc,
And you can also find and download
Adult magazine (such as playboy, triple xxx, FHM,etc,etc)
--~--~-~--~~~---~--~~
Y
37 matches
Mail list logo
