turn on autoescape in Jinja2

Question

turn on autoescape in Jinja2

chadwhitacre opened this issue 10 years ago · comments

Jinja2 sez autoescape is bad, but I disagree. See gratipay/gratipay.com#722 for discussion.

Paul Jimenez · Answer 1 · Sat Feb 07 2015 00:18:49 GMT+0800 (China Standard Time)

I'd rather leave it the default, but document how to turn it on if you want it. Could/should also serve to document how, in general, to tweak renderers.

Chad Whitacre · Answer 2 · Sat Feb 07 2015 00:36:04 GMT+0800 (China Standard Time)

The difference in our case is that we're almost exclusively HTML/XML in context. Jinja2 might be used for email, but aspen-jinja2 is almost certainly being used for HTML.

Charly C. · Answer 3 · Sat Feb 07 2015 00:44:21 GMT+0800 (China Standard Time)

aspen-jinja2 should be able to determine what it's being used for (via the Content-Type) and thus whether or not it's appropriate to turn on the autoescape.

Charly C. · Answer 4 · Wed Feb 18 2015 22:10:53 GMT+0800 (China Standard Time)

I have a branch ready for this, waiting for the next Aspen release.