Simon Willison’s Weblog

Django Changeset 6671. Malcolm Tredinnick: “Implemented auto-escaping of variable output in templates”. Fantastic—Django now has protection against accidental XSS holes, turned on by default.

Posted 14th November 2007 at 5:05 pm

Recent articles

Your job is to deliver code you have proven to work - 18th December 2025
Gemini 3 Flash - 17th December 2025
I ported JustHTML from Python to JavaScript with Codex CLI and GPT-5.2 in 4.5 hours - 15th December 2025

autoescaping 4 django 582 malcolm-tredinnick 8 python 1216 security 570 templating 7 xss 60

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe