Simon Willison’s Weblog

Django Changeset 6671. Malcolm Tredinnick: “Implemented auto-escaping of variable output in templates”. Fantastic—Django now has protection against accidental XSS holes, turned on by default.

Posted 14th November 2007 at 5:05 pm

Recent articles

Gemini 2.0 Flash: An outstanding multi-modal LLM with a sci-fi streaming mode - 11th December 2024
ChatGPT Canvas can make API requests now, but it's complicated - 10th December 2024
I can now run a GPT-4 class model on my laptop - 9th December 2024

autoescaping 4 django 566 malcolmtredinnick 8 python 1076 security 494 templating 6 xss 59