Escape will convert the text to HTML entities. For example,

    >>> x = "A 'quote' is <b>bold</b>"
    >>> print response.write(x, escape=True)
    A &#x27;quote&#x27; is &lt;b&gt;bold&lt;/b&gt;

This protects your page from HTML injection hacks. If you need to display HTML from a variable and you are absolutely sure that it is safe, use

    {{=XML(x)}}

which also provides some helper methods to allow you to select "safe" tags without allowing everything.

--
Thadeus

On Fri, Dec 24, 2010 at 11:39 PM, Sahil Arora <sahilarora...@gmail.com> wrote:

> I am asking what escape=true does
>
> On Sat, Dec 25, 2010 at 11:02 AM, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
>> {{=x}}
>>
>> is equivalent to
>>
>> {{response.write(x,escape=True)}}
>>
>> Did I answer the question?
>>
>> On Dec 24, 10:04 pm, Sahil Arora <sahilarora...@gmail.com> wrote:
>> > what do you mean by word 'escape' when we say escape = False
>> >
>> > or
>> > in
>> > {{=x}}
>> > Variables injected into the HTML in this way are escaped by default. The
>> > escaping is ignored if x is an XML object, even if escape is set to True.
>> >
>> > --
>> > Sahil Arora
>> > B.Tech 2nd year
>> > Computer Science and Engineering
>> > IIT Delhi
>> > Contact No: +91 9871491046
>
> --
> Sahil Arora
> B.Tech 2nd year
> Computer Science and Engineering
> IIT Delhi
> Contact No: +91 9871491046
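
The rule discussed in this thread, as an added stand-alone Python sketch (not web2py code and not written by any poster): output is escaped by default, a wrapper object bypasses escaping even when escaping is requested, and an allow-list keeps only selected tags. `Raw`, `render` and `sanitize` are hypothetical names standing in for the roles of `XML` and `response.write`; the sample input is constructed.

```python
# Added illustration; Raw, render and sanitize are hypothetical, not web2py's API.
from html import escape
from html.parser import HTMLParser

class Raw:
    """Marks text as trusted markup, the role XML(x) plays in the thread."""
    def __init__(self, text):
        self.text = text

def render(x, escape_output=True):
    """Model of {{=x}}: escape by default, but never escape a Raw object."""
    if isinstance(x, Raw):
        return x.text              # wrapper wins even when escape_output=True
    return escape(str(x), quote=True) if escape_output else str(x)

class _AllowList(HTMLParser):
    """Keeps permitted tags (attributes dropped), escapes everything else."""
    def __init__(self, permitted):
        super().__init__(convert_charrefs=True)
        self.permitted, self.out = set(permitted), []

    def handle_starttag(self, tag, attrs):
        # Attributes are dropped, so event handlers such as onclick cannot survive.
        self.out.append(f"<{tag}>" if tag in self.permitted
                        else escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>" if tag in self.permitted
                        else escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(escape(data))

def sanitize(text, permitted=("b", "i", "em", "strong")):
    """Return a Raw object containing only allow-listed, attribute-free tags."""
    parser = _AllowList(permitted)
    parser.feed(text)
    parser.close()
    return Raw("".join(parser.out))

# Constructed sample input, mixing harmless markup with a script element.
SAMPLE = "A 'quote' is <b onclick=\"x()\">bold</b><script>alert(1)</script>"

if __name__ == "__main__":
    print(render(SAMPLE))            # everything is shown as literal text
    print(render(sanitize(SAMPLE)))  # <b> survives, the script is neutralised
```

Wrapping a value in `Raw` directly is the "absolutely sure that it is safe" case; anything that originates from a user belongs in `render` unwrapped or behind `sanitize`.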