Re: Possible bug - Incorrect escaping in Django SQL query

2017-06-02 Thread Tim Graham
Raghupathy wrote: > > Hi, > > I came across an issue yesterday. Post on stackoverflow > > < > https://stackoverflow.com/questions/44287443/incorrect-escaping-in-django-sql-query> > > > > > > On further investigation today, I think I found the sour

Re: Possible bug - Incorrect escaping in Django SQL query

2017-06-02 Thread Michal Petrucha
On Thu, Jun 01, 2017 at 02:29:17AM -0700, Roshan Raghupathy wrote: > Hi, > I came across an issue yesterday. Post on stackoverflow > <https://stackoverflow.com/questions/44287443/incorrect-escaping-in-django-sql-query> > > On further investigation today, I think I found th

Possible bug - Incorrect escaping in Django SQL query

2017-06-01 Thread Roshan Raghupathy
Hi, I came across an issue yesterday. Post on stackoverflow <https://stackoverflow.com/questions/44287443/incorrect-escaping-in-django-sql-query> On further investigation today, I think I found the source of the issue. It's this line <https://github.com/django/django/blob/ma

Re: Escaping of help_text in form fields

2015-11-24 Thread notsqrt
Perfect! Thanks Tim! On Tuesday, November 24, 2015 at 16:02:21 UTC+1, Tim Graham wrote: > > It's expected behavior and mentioned in the model field help_text docs, > but not form field help_text docs. I'll fix that. > > > https://docs.djangoproject.com/en/stable/ref/models/fields/#django.db.models.

Re: Escaping of help_text in form fields

2015-11-24 Thread Tim Graham
It's expected behavior and mentioned in the model field help_text docs, but not form field help_text docs. I'll fix that. https://docs.djangoproject.com/en/stable/ref/models/fields/#django.db.models.Field.help_text On Tuesday, November 24, 2015 at 9:34:18 AM UTC-5, not...@gmail.com wrote: > > Hi

Escaping of help_text in form fields

2015-11-24 Thread notsqrt
Hi ! Just stumbled upon this issue, with django 1.8.6: from django import forms from django.template import Template, Context class A(forms.Form): f = forms.CharField(help_text=u'bli "blo" >', label="bla <") Template("{{form.as_p}}").render(Context({"form": A()})) # returns: u'bla <:

[ANNOUNCE] Django Security advisory: simple_tag does not do auto-escaping

2015-06-29 Thread Tim Graham
The Django team has just published a short security advisory about usage of the simple_tag template tag helper. You should audit your own code. https://www.djangoproject.com/weblog/2015/jun/29/simple_tag-security-advisory/ -- You received this message because you are subscribed to the Google Gr

Re: Avoid verbose_name HTML escaping in admin

2012-04-13 Thread Andre Terra
I'm only guessing, but I think the escaping is being done at rendering time by the template itself. Take a look at the default admin templates and check the docs for an explanation on how to override them with your own. Protip: do not edit the original files! Cheers, AT -- Sent from my

Avoid verbose_name HTML escaping in admin

2012-04-13 Thread FraMazz
Is it possible to avoid HTML escaping in admin? I have defined a model with verbose_name for several fields. In verbose_name I need HTML code to highlight part of the string e.g. d1 = models.CharField(max_length=1, blank=False, default='0', verbose_name="Hi all!''

Re: escaping (where is the exit)

2011-05-03 Thread MikeKJ
data is stored as This is an exampleof the text content  Is that escaped or unescaped, if it is unescaped then it is being escaped elsewhere before it gets to be rendered to the template Thx -- View this message in context: http://old.nabble.com/escaping-%28where-is-the-exit%29

Re: escaping (where is the exit)

2011-05-03 Thread MikeKJ
ieve

Re: escaping (where is the exit)

2011-05-03 Thread Tom Evans
On Tue, May 3, 2011 at 3:49 PM, Michael Radziej wrote: > On Tue, 3 May 2011 07:18:24 -0700 (PDT), MikeKJ > wrote: >> >> I tried that too after the original post and that made no difference >> spcontent is escaped HTML and I thought that by marking it safe it >> wouldnt be escaped again in the pr

Re: escaping (where is the exit)

2011-05-03 Thread Michael Radziej
On Tue, 3 May 2011 07:18:24 -0700 (PDT), MikeKJ wrote: > > I tried that too after the original post and that made no difference > spcontent is escaped HTML and I thought that by marking it safe it > wouldnt be escaped again in the pretty.html template That's correct. But is spcontent escaped onc

Re: escaping (where is the exit)

2011-05-03 Thread Tom Evans
On Tue, May 3, 2011 at 3:18 PM, MikeKJ wrote: > > I tried that too after the original post and that made no difference > spcontent is escaped HTML > and I thought that by marking it safe it wouldnt be escaped again in the > pretty.html template > > Thx > Mike > If spcontent is escaped HTML (eg '<

Re: escaping (where is the exit)

2011-05-03 Thread MikeKJ
({        'content' : mark_safe(spcontent),        'title' : s.name,    }) http://docs.djangoproject.com/en/1.3/ref/utils/#django.utils.safestring.mark_safe http://docs.djangoproject.com/en/1.3/howto/custom-template-tags/#filters-and-auto-escaping Cheers Tom

Re: escaping (where is the exit)

2011-05-03 Thread Tom Evans
'content' : mark_safe(spcontent),        'title' : s.name,    }) http://docs.djangoproject.com/en/1.3/ref/utils/#django.utils.safestring.mark_safe http://docs.djangoproject.com/en/1.3/howto/custom-template-tags/#filters-and-auto-escaping Cheers Tom

Re: escaping (where is the exit)

2011-05-03 Thread MikeKJ
spcontent = 'header image' + spcontent context = Context({ 'content' : spcontent, 'title' : s.name, }) t = loader.get_template(surrounding_template) content = t.render(context) -- View this message in context: http://old

Re: escaping (where is the exit)

2011-05-03 Thread MikeKJ
': spcontent = ' http://lime.paston.co.uk/media/images/Keyfacts_logo_.jpg ' + spcontent context = Context({ 'content' : spcontent, 'title' : s.name, }) t = loader.get_template(surrounding_template) content = t.render(context)

Re: escaping (where is the exit)

2011-05-03 Thread Michael Radziej
On Tue, 3 May 2011 04:25:46 -0700 (PDT), MikeKJ wrote: > > I got data from the database in a page, I then merge it as string > substitution through another template and end up with double escaping because > the escaping is automatic, the only place I can try to de escape is > the

escaping (where is the exit)

2011-05-03 Thread MikeKJ
I got data from the database in a page, I then merge it as string substitution through another template and end up with double escaping because the escaping is automatic, the only place I can try to de escape is the 2ndary template, I have tried {% autoescape on %}{{ content }}{% endautoescape

Re: escaping metacharacter in url pattern

2011-04-26 Thread Michel30
hel30 wrote: > > >> Hey guy's, > > >> I'm trying to replicate behaviour of a legacy CMS and stick it into a > >> new Django project. > > >> Here is an example of my url: > > >>http://hostname:port/cgi-bin/DocDB/ShowDocument?docid=19

Re: escaping metacharacter in url pattern

2011-04-21 Thread Raúl Cumplido
y CMS and stick it into a >> new Django project. >> >> Here is an example of my url: >> >> http://hostname:port/cgi-bin/DocDB/ShowDocument?docid=19530&version=1 >> >> I want to filter the docid and version with a regex in a urlpattern to >> use lat

Re: escaping metacharacter in url pattern

2011-04-21 Thread Raúl Cumplido
to > use later in a function: > >url(r'^cgi-bin/DocDB/ShowDocument\?docid=(?P\d+)\? > version=(?P\d+)', 'docDB.views.retrieveDocumentVersion'), > > I've tried about every way of escaping the '? ' but can't get it to > work... > > Any ideas anyone?

escaping metacharacter in url pattern

2011-04-21 Thread Michel30
use later in a function: url(r'^cgi-bin/DocDB/ShowDocument\?docid=(?P\d+)\? version=(?P\d+)', 'docDB.views.retrieveDocumentVersion'), I've tried about every way of escaping the '? ' but can't get it to work... Any ideas anyone? Thanks,

Re: weird template escaping

2010-12-03 Thread wayne
Turn autoescape off (http://docs.djangoproject.com/en/dev/ref/templates/builtins/?from=olddocs#autoescape) or mark it as safe by using the "safe" template filter tag (lower on the page).

weird template escaping

2010-12-03 Thread Robin Becker
so it looks as though something is being silly and doing the following 1) translate to utf8 ie 'Elegant, sophisticated, discover Egypt\xe2\x80\x99s local customs' 2) escaping \x99 as ™ (trademark char is ™ == ™) where should I start looking to locate the problem? -- Robin Becker --

Re: Escaping text for raw SQL?

2010-10-12 Thread Nick Arnett
On Tue, Oct 12, 2010 at 9:53 AM, Steve Holden wrote: > ... > but I can't off-hand remember which ones. If the back-end doesn't allow > that then you have little option but to generate your own SQL. The > required escape function is extremely simple: > > def sqlesc(s): > return replace("'",

Re: Escaping text for raw SQL?

2010-10-12 Thread Steve Holden
On 10/12/2010 4:34 PM, Nick Arnett wrote: > > > On Tue, Oct 12, 2010 at 9:00 AM, Javier Guerra Giraldez > mailto:jav...@guerrag.com>> wrote: > > On Tue, Oct 12, 2010 at 10:46 AM, Nick Arnett > wrote: > > Anybody know a good way to do this? > > Word

Re: Escaping text for raw SQL?

2010-10-12 Thread Nick Arnett
On Tue, Oct 12, 2010 at 9:00 AM, Javier Guerra Giraldez wrote: > On Tue, Oct 12, 2010 at 10:46 AM, Nick Arnett > wrote: > > Anybody know a good way to do this? > > Words.objects.filter(foo__in=mylist) Didn't even occur to me to not use raw SQL for this, but I could... trouble is, I wanted this

Re: Escaping text for raw SQL?

2010-10-12 Thread Javier Guerra Giraldez
On Tue, Oct 12, 2010 at 10:46 AM, Nick Arnett wrote: > Anybody know a good way to do this? Words.objects.filter(foo__in=mylist) -- Javier

Escaping text for raw SQL?

2010-10-12 Thread Nick Arnett
I can't figure out if there is a way to escape text for raw SQL queries. I can't use substitution (I think) because I'm building a query like this: SELECT foo, bar FROM proj_words WHERE foo IN ("bat", "bug", "snip", "snap") The list of terms for the IN operator can be quite long... I suppose I c

Re: Escaping forward slashes in URLs

2009-06-25 Thread Rajesh D
On Jun 25, 12:52 pm, Andrew Fong wrote: > Question: When is it necessary to escape a forward slash? I'm dealing > with these two situations in my templates -- assume the next context > variable is a URL of some sort. > > > > http://en.wikipedia.org/wiki/URL_encoding#Percent-encoding_reserved_c

Escaping forward slashes in URLs

2009-06-25 Thread Andrew Fong
Question: When is it necessary to escape a forward slash? I'm dealing with these two situations in my templates -- assume the next context variable is a URL of some sort.

Re: URL quoting and escaping

2009-03-04 Thread Rob Hudson
I decided to follow Google's lead and pass it as a parameter of the query string instead and all is well now. Thanks for the feedback... I never considered it might be the web server. -Rob

Re: URL quoting and escaping

2009-03-03 Thread Graham Dumpleton
be sending > >         clickthru/http://foo/bar > > and receiving > >         clickthru/http:/foo/bar > > which, if it were a filesystem, would be equivalent. Again, I can't > remember (or have the time to check all the details right now), whether > the URI spec p

Re: URL quoting and escaping

2009-03-03 Thread Malcolm Tredinnick
mber (or have the time to check all the details right now), whether the URI spec permits this kind of transformation, but I suspect not. Try using a different escaping function that also replaces slashes. E.g. replace slashes with _@ and "_" with "__", so it's reversible. Th

URL quoting and escaping

2009-03-03 Thread Rob Hudson
At work we wanted to set up some quick clickthru tracking. I whipped up a quick solution that seemed to work on my local machine. The solution was to use jQuery to look for anchor tags whose href started with "http://" as a signifier of external links, and add a click event to them to direct th

Re: simple tags and (auto)escaping

2008-11-27 Thread frank h.
escaping > > register = Library() > > @register.simple_tag > def testtag(): >     return mark_for_escaping("&><%") > - > > calling the tag from my template, inserts the string into my template > _unescaped_. > > Having read http://docs.djangoproject.c

simple tags and (auto)escaping

2008-11-26 Thread frank h.
my template, inserts the string into my template _unescaped_. Having read http://docs.djangoproject.com/en/dev/howto/custom-template-tags/, I am not sure how to use (auto)escaping from a simple tag. Using mark_for_escaping doesn't work. simply returning the string and wrapping the

Re: Dev & Production difference: escaping html in admin

2008-11-01 Thread Ramiro Morales
> [...] > But on my production stage there is a problem: no pictures are > displayed, all tags, returned by show_thumb method are escaped, and I > have raw HTML in corresponding column. Auto-escaping was added in revision 6671, read http://code.djangoproject.com/wiki/Ba

Dev & Production difference: escaping html in admin

2008-11-01 Thread Alexey Moskvin
Hi, I have developer (win) & production (debian) installations of Django 0.97. There is one difference in admin app. I have a photogallery, and Picture model has this method: def show_thumb(self) : return '%s' % (self.get_image_url(), self.get_image_thumb_url(), self.image) also

Re: Escaping or Unescaping Translations in Templates

2008-08-29 Thread Malcolm Tredinnick
On Fri, 2008-08-29 at 11:16 -0700, Aidas Bendoraitis wrote: > Hello all! > > How to control the escaping of translations in templates? For example, > {% trans "I & Co" %} should be escaped in html templates but not in > javascript (or other language) templates.

Escaping or Unescaping Translations in Templates

2008-08-29 Thread Aidas Bendoraitis
Hello all! How to control the escaping of translations in templates? For example, {% trans "I & Co" %} should be escaped in html templates but not in javascript (or other language) templates. Aidas Bendoraitis aka Archatas

Getting my widgets to stop escaping

2008-08-22 Thread Alex G
Hi All, I am trying to make a custom django widget that contains a javascript call that uses unsafe characters (it passes a string to another function, so I need single quote characters); namely: class MyTextInput(forms.TextInput): def __init__(self, *args, **kwargs): att

Re: encoding and escaping of form values

2008-07-12 Thread commander_coder
Thank you *very* much. > What happens when you try it? Your computer won't catch on fire when you > make a mistake, so experimentation is a good way to learn. :-) I left out a lot of fumblings, including these ones. I find that when I'm beginning trying to understand a system with lots of parts

Re: encoding and escaping of form values

2008-07-12 Thread Malcolm Tredinnick
's important here is that any HTML-sensitive characters are escaped appropriately. This means that inside attribute values (the '...' bit), for example, any single quote character would need to be escaped. Django's HTML escaping in fact escapes (converts to HTML entities) all five poten

encoding and escaping of form values

2008-07-12 Thread commander_coder
on-ascii, or any string at all. Does the encoding and escaping differ for the two instances of "string"? For instance, what if I set string=u"this is a quote: '\"' " ? Are both just encoded as utf-8 and then django.utils.html.escape() is done? My real ques

Re: escaping

2008-07-05 Thread Bobby Roberts
On Jul 5, 4:15 pm, "Horst Gutmann" <[EMAIL PROTECTED]> wrote: > Already tried it without the extra spaces? > > {{ request.session.AccountNum|escape }} > > Kind regards, Horst man i really thought that had spaces in it in the docs... thanks for the clarification

Re: escaping

2008-07-05 Thread Horst Gutmann
Already tried it without the extra spaces? {{ request.session.AccountNum|escape }} Kind regards, Horst On Sat, Jul 5, 2008 at 10:13 PM, Bobby Roberts <[EMAIL PROTECTED]> wrote: > I'm trying to escape something printed back to a template as follows > > > {{request.session['AccountNum'] | escape }} > > a

escaping

2008-07-05 Thread Bobby Roberts
I'm trying to escape something printed back to a template as follows {{request.session['AccountNum'] | escape }} and i'm getting this error: Could not parse the remainder: ' | escape' from 'request.session.AccountNum | escape' From what I can tell i'm using the right syntax... am I missing

Re: HTML Escaping JSON data?

2008-06-17 Thread John
If the part of the page being changed is complex, the easiest way to do this is to call render_to_response as usual, but with the template containing only a instead of a full HTML page. Handle any escaping needed in the template. If you only want to update the text without adding any markup

Re: HTML Escaping JSON data?

2008-06-16 Thread Knifa
saving to the DB.  If there is > something else you are concerned about or trying to do,  a bit more > information may result in better responses. > hth, > -richard > > On 6/16/08, Knifa <[EMAIL PROTECTED]> wrote: > > > > > Err, nevermind that actually. It didn&#

Re: HTML Escaping JSON data?

2008-06-16 Thread joshuajonah
concerned about or trying to do, a bit more > information may result in better responses. > hth, > -richard > > On 6/16/08, Knifa <[EMAIL PROTECTED]> wrote: > > > > > Err, nevermind that actually. It didn't seem to work. > > > By escaping I mean like turnin

Re: HTML Escaping JSON data?

2008-06-16 Thread Richard Dahl
y. It didn't seem to work. > > By escaping I mean like turning < into > and > into < etc like > the "escape" filter does. > > On Jun 16, 5:22 pm, Knifa <[EMAIL PROTECTED]> wrote: > > Oh damn, I should have probably looked around a bit more, heh. I&

Re: HTML Escaping JSON data?

2008-06-16 Thread joshuajonah
This should work: http://discuss.fogcreek.com/dotnetquestions/default.asp?cmd=show&ixPost=5015 On Jun 16, 12:26 pm, Knifa <[EMAIL PROTECTED]> wrote: > Err, nevermind that actually. It didn't seem to work. > > By escaping I mean like turning < into > and > into

Re: HTML Escaping JSON data?

2008-06-16 Thread Knifa
Err, nevermind that actually. It didn't seem to work. By escaping I mean like turning < into > and > into < etc like the "escape" filter does. On Jun 16, 5:22 pm, Knifa <[EMAIL PROTECTED]> wrote: > Oh damn, I should have probably looked around a bit more,

Re: HTML Escaping JSON data?

2008-06-16 Thread Knifa
Oh damn, I should have probably looked around a bit more, heh. I'm not really used to JS yet. Thanks very much! On Jun 16, 5:09 pm, joshuajonah <[EMAIL PROTECTED]> wrote: > I'm not really catching what you're doing here. You want to escape > html with javascript? Just use escape() > > On Jun 16,

Re: HTML Escaping JSON data?

2008-06-16 Thread joshuajonah
I'm not really catching what you're doing here. You want to escape html with javascript? Just use escape() On Jun 16, 11:31 am, Knifa <[EMAIL PROTECTED]> wrote: > Hello there. > > I'm using Serialization with JSON to pass data to jQuery. Everything > is working fine, except that the data for the

HTML Escaping JSON data?

2008-06-16 Thread Knifa
Hello there. I'm using Serialization with JSON to pass data to jQuery. Everything is working fine, except that the data for the fields of my model are not escaped, allowing people to use HTML on my app. There isn't a function as such in jQuery to do this (and I'm unsure if there is a built in Jav

Re: escaping of (double) quotes in html-attributes in widgets

2008-06-01 Thread Russell Keith-Magee
On Sun, Jun 1, 2008 at 12:52 AM, thomas <[EMAIL PROTECTED]> wrote: > > hi, > i want to code a widget. therefore i need to provide a callback for > the "onclick" event. one of those arguments is a string and thus > between double-quotes. in the html-document the string is no more > between doublequ

escaping of (double) quotes in html-attributes in widgets

2008-05-31 Thread thomas
hi, i want to code a widget. therefore i need to provide a callback for the "onclick" event. one of those arguments is a string and thus between double-quotes. in the html-document the string is no more between doublequotes but surrounded by """, which of course does not work. what can i do agains

Re: un-escaping params

2008-05-19 Thread [EMAIL PROTECTED]
Perfect, thanks! On May 19, 10:40 pm, Brian <[EMAIL PROTECTED]> wrote: > On Tue, May 20, 2008 at 12:44 AM, [EMAIL PROTECTED] < > > [EMAIL PROTECTED]> wrote: > > > Hi, > > > I'm parsing a URI manually, and trying to extract the GET params. > > > What does django use to un-escape the params? Yah kn

Re: un-escaping params

2008-05-19 Thread Brian
On Tue, May 20, 2008 at 12:44 AM, [EMAIL PROTECTED] < [EMAIL PROTECTED]> wrote: > > Hi, > > I'm parsing a URI manually, and trying to extract the GET params. > > What does django use to un-escape the params? Yah know to go from %20 > to " " in unicode? > > Thanks, > Ivan > tipjoy.com > > > I'm not

un-escaping params

2008-05-19 Thread [EMAIL PROTECTED]
Hi, I'm parsing a URI manually, and trying to extract the GET params. What does django use to un-escape the params? Yah know to go from %20 to " " in unicode? Thanks, Ivan tipjoy.com

Re: EmailMessage and Escaping issue

2008-05-07 Thread Darryl Ross
Julien wrote: I'm using EmailMessage to send a newsletter. It works fine except that some characters are escaped in the plain text version. For example, "é" becomes "é". If you are using the django template engine to build the body of your emails, you can either use the 'safe' template variabl

EmailMessage and Escaping issue

2008-05-07 Thread Julien
Hi, I'm using EmailMessage to send a newsletter. It works fine except that some characters are escaped in the plain text version. For example, "é" becomes "é". Do you know how I can avoid that? Thanks a lot, Julien

Re: Custom SQL Escaping apostrophe

2008-04-15 Thread Jonathan Ballet
[ I saw your next email, but I am answering this one, because the errors are here ] On Tue, 15 Apr 2008 11:03:03 -0700 (PDT), AJ <[EMAIL PROTECTED]> wrote: > kw = 'test' > > sql = """ > SELECT MAX(`table`.`id`) > FROM `table` > WHERE `table`.`name` LIKE %s > GROUP BY `table`.`original_id`;""" > > c

Re: Custom SQL Escaping apostrophe

2008-04-15 Thread AJ
Ok, so I got this to work. I couldn't find anything online about using the like statement in queries with the python db api's, so here is what I did, in case anyone else runs into this. #this would actually come from a POST request kw = "test" sql = """ SELECT MAX(`table`.`id`) FROM `table` WHE

Re: Custom SQL Escaping apostrophe

2008-04-15 Thread AJ
I read the related article, but i'm still having trouble with a few items. The first is that it seems like I have to pass the string into execute and can't store it in a variable. I tried this: kw = 'test' sql = """ SELECT MAX(`table`.`id`) FROM `table` WHERE `table`.`name` LIKE %s GROUP BY `

Re: Custom SQL Escaping apostrophe

2008-04-15 Thread Jonathan Ballet
AJ wrote: [...] > sql = """ > SELECT MAX(`table`.`id`) > FROM `table` > WHERE `table`.`name` LIKE '%(kw)s' > GROUP BY `table`.`original_id`;""" > > sql = sql % {'kw' : '%%' + query + '%%'} > cursor.execute(sql) [...] This is the wrong way to do this, and your problem explains why. Take a look a

Custom SQL Escaping apostrophe

2008-04-15 Thread AJ
akes sense. So if I can't use query = query.replace("'", "\'"), is there a builtin function that will escape apostrophes? I was under the impression that the db module handled escaping for you. Thanks in advance. Aaron

Re: RSS escaping, {{ autoescape }} and |safe

2008-02-02 Thread Michael Elsdörfer
> I'm sure I'm not the only person who has come across > this problem I ran into this yesterday: http://code.djangoproject.com/ticket/6533 Might be related? Michael

RSS escaping, {{ autoescape }} and |safe

2008-02-02 Thread Jon Atkinson
My blog uses some very simple Django apps, and applications in contrib for most of the features, including django.contrib.syndication.feeds. I've recently noticed that my RSS isn't being properly escaped (see http://jonatkinson.co.uk/feeds/blog/), so I thought that simply wrapping my RSS blog_des

Re: Escaping/unescaping HTML

2008-01-24 Thread bjornkri
Never mind this, I run xml.sax.saxutils.unescape() on the appropriate parts before putting them into the model. That seems to work. -Björn On Jan 24, 12:05 pm, bjornkri <[EMAIL PROTECTED]> wrote: > I'm working on a project that reads feeds from tumblr.com and displays > on my page. The api is a

Escaping/unescaping HTML

2008-01-24 Thread bjornkri
I'm working on a project that reads feeds from tumblr.com and displays on my page. The api is a simple xml file (http://beertje.tumblr.com/api/read/), which I process with BeautifulSoup. Here's a sample tumblr post: http://beertje.tumblr.com/post/24484315" type="quote" date="Wed, 23 Jan 2008 1

Re: Escaping "_" (underscore character) by psycopg1 backend?

2008-01-18 Thread Michal Chruszcz
On Jan 18, 12:54 pm, Malcolm Tredinnick <[EMAIL PROTECTED]> wrote: > Basically, PostgreSQL is trying to be more standards compliant by > default, at the cost of slightly impacting backwards compatibility. You > might also want to look at escape_string_warning (setting it to false, > since the warn

Re: Escaping "_" (underscore character) by psycopg1 backend?

2008-01-18 Thread Malcolm Tredinnick
On Fri, 2008-01-18 at 12:30 +0100, Jarek Zgoda wrote: > I just stumbled upon strange behavior of django-0.96.1 and > postgresql-8.2 combo. Essentially, different versions of postgresql-8.2 > client libraries (or server, I am not a PostgreSQL expert) used with > Django-0.96.1 ORM produce different

Escaping "_" (underscore character) by psycopg1 backend?

2008-01-18 Thread Jarek Zgoda
I just stumbled upon strange behavior of django-0.96.1 and postgresql-8.2 combo. Essentially, different versions of postgresql-8.2 client libraries (or server, I am not a PostgreSQL expert) used with Django-0.96.1 ORM produce different results for lookups that use ILIKE (eg. iexact, icontains). Wh

Re: auto-escaping and auto generated RSS feeds

2008-01-05 Thread Malcolm Tredinnick
"<" you're outputting is meant to be an HTML tag or not, so Django defaults to being safe and escaping those characters. Regards, Malcolm -- Why can't you be a non-conformist like everyone else? http://www.pointy-stick.com/blog/

auto-escaping and auto generated RSS feeds

2008-01-05 Thread [EMAIL PROTECTED]
Hi all, I used to let Django generate my rss feed automatically (i didnt create any template for it). Since the autoescaping feature in the development version, my feeds are also escaped. Is there any way to disable it other than creates a template with the {{autoescape off}} ? Thanks, francoi

Re: completely escaping an included template

2007-12-19 Thread Bram - Smartelectronix
Jan Rademaker wrote: > > See http://www.djangoproject.com/documentation/templates/#force-escape Thank you... - bram

Re: completely escaping an included template

2007-12-18 Thread Jan Rademaker
On Dec 18, 8:12 pm, Bram - Smartelectronix <[EMAIL PROTECTED]> wrote: > Hello everyone, > > trying to upgrade to the latest trunk, I'm wrestling a bit with the > autoescape function. Talking about embed-code for an enduser, I used to > write: > > {% include embedded_player.html %} > Copy-paste t

completely escaping an included template

2007-12-18 Thread Bram - Smartelectronix
Hello everyone, trying to upgrade to the latest trunk, I'm wrestling a bit with the autoescape function. Talking about embed-code for an enduser, I used to write: {% include embedded_player.html %} Copy-paste this: The first part shows to the end-user how the embeddable player will look li

Backwards-incompatible change: automatic HTML escaping

2007-11-14 Thread Malcolm Tredinnick
For everybody who updates frequently: revision [6671] -- which was committed about five minutes ago -- contains a change that is possibly more disruptive than most if you're displaying HTML via template variables. So I'm taking the slightly unusual step of drawing your attention to it. So read th

Re: Templates escaping ampersand

2007-08-07 Thread Nimrod A. Abing
On 8/8/07, Kynatro <[EMAIL PROTECTED]> wrote: > > I'm fairly new to Django and I'm having a problem with the templating > system. I'm replacing a block in my base template and trying to pass > over apostrophe characters as their entity codes (&rsqou;), but the > template system is converting the a

Templates escaping ampersand

2007-08-07 Thread Kynatro
I'm fairly new to Django and I'm having a problem with the templating system. I'm replacing a block in my base template and trying to pass over apostrophe characters as their entity codes (&rsqou;), but the template system is converting the ampersand to its entity so the end result is &&rsqou; in