How do sanitizers work runtime?
segabor opened this issue · comments
Gábor Sebestyén commented
Happy Holidays,
I'm working on a Swift port of closure templates and I need your guidance on how content sanitizers are used at runtime. At which points are they invoked on what targets?
I ran through the Python code generator and learnt that variables passed through calling other templates are marked dirty and some kind of sanitization is done just before appending to output.
Are my assumptions correct?
Thanks,
Gábor
Luke Sandberg commented
Basically.
The ContextualAutoescaper determines the 'context' for each piece of dynamic content and then adds escaping directives to the AST. The individual backends just generate code to invoke the directives; they don't actually make sanitization decisions.
The one caveat is that the backends ensure that strings produced by template blocks are marked as safe. So the result of every {template}, {let} and {param} block is annotated.
On Wed, Dec 25, 2019 at 11:38 PM Gábor Sebestyén <***@***.***> wrote:
Happy Holidays,
I'm working on a Swift port of closure templates and I need your guidance on
how content sanitizers are used at runtime. At which points are they invoked
on what targets?
I ran through the Python code generator and learnt that variables passed
through calling other templates are marked dirty and some kind of
sanitization is done just before appending to output.
Are my assumptions correct?
Thanks,
Gábor
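The division of labour described in the answer above, as an added Python sketch that is not code from the closure-templates project or from either commenter: the escaping directive is chosen ahead of time, the generated code only calls it, and every template block result is wrapped with its content kind so it is not escaped a second time. The names `Sanitized`, `escape_html`, `greeting` and `page` are hypothetical.

```python
import html
from dataclasses import dataclass


@dataclass(frozen=True)
class Sanitized:
    """Hypothetical wrapper: a string known to be safe for one content kind."""
    content: str
    kind: str  # e.g. "html" or "text"


def escape_html(value):
    """Directive for an HTML text context.

    Values already annotated as kind "html" pass through unchanged; plain
    strings and content of any other kind are entity-escaped.
    """
    if isinstance(value, Sanitized) and value.kind == "html":
        return value.content
    text = value.content if isinstance(value, Sanitized) else str(value)
    return html.escape(text, quote=True)


def greeting(name):
    # Stands in for generated code of: <b>Hello {$name}</b>
    # The directive on {$name} was attached at compile time; this code
    # only invokes it and makes no sanitization decision of its own.
    out = ["<b>Hello ", escape_html(name), "</b>"]
    # The result of the template block is annotated with its kind.
    return Sanitized("".join(out), "html")


def page(user_name):
    # Stands in for generated code of: <div>{call greeting}...{/call}</div>
    # The callee's output is annotated as HTML, so the same directive
    # lets it through instead of double-escaping it.
    out = ["<div>", escape_html(greeting(user_name)), "</div>"]
    return Sanitized("".join(out), "html")


if __name__ == "__main__":
    # Constructed sample input: an untrusted value reaching the inner template.
    print(page("<script>x</script>").content)
```
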