Simon Willison’s Weblog


4 items tagged “autoescaping”

2008

Django 1.0 alpha release notes. The big features are newforms-admin, unicode everywhere, the queryset-refactor ORM improvements and auto-escaping in templates.

# 22nd July 2008, 6:04 am / orm, django, alpha, python, newformsadmin, unicode, querysetrefactor, autoescaping

Jinja2 Final aka Jinjavitus Released. The Jinja template engine now has auto-escaping as an optional feature, disabled by default. Worth considering as an almost drop-in replacement for Django’s template language if features such as macros and compilation to Python code appeal to you.

# 19th July 2008, 11:52 pm / jinja, python, autoescaping, django

2007

Why the h can’t Rails escape HTML automatically? It would be a pretty huge change, but auto-escaping in Rails 2.0 could close up a lot of accidental XSS holes.

# 1st December 2007, 8:34 pm / rails, autoescaping, django, security, xss

Django Changeset 6671. Malcolm Tredinnick: “Implemented auto-escaping of variable output in templates”. Fantastic—Django now has protection against accidental XSS holes, turned on by default.

# 14th November 2007, 5:05 pm / malcolmtredinnick, django, autoescaping, xss, security, python, templating