bottlepy / bottle

bottle.py is a fast and simple micro-framework for python web-applications.
http://bottlepy.org/
MIT License
8.44k stars 1.46k forks

Mako defaults are not XSS safe #255

Open defnull opened 12 years ago

defnull commented 12 years ago

Mako is configured to not escape HTML control characters by default. There should be a safe default.

sc68cal commented 12 years ago

Maybe use the h filter in the default filters?

iurisilvio commented 12 years ago

It is an easy issue, just need to add a keyword default_filters=['h'] to Template, but I don't know if Bottle must escape HTML to Mako.

It is a template-specific thing; Mako by default is not safe and Mako users should know that. Also, I didn't find an easy way to remove a default filter. You can apply the n filter to remove all filters and reapply the other filters you want. It is not the straightforward way to work with Mako, so if you wrote Mako templates for Bottle and want to change to another web framework, you will need to rewrite some template things.

I know just the basics of Mako; maybe I don't know something you could use against my point, but to me it is not a real issue.
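The behaviour the thread is arguing about, as an added example (not code from the bottle or Mako projects): the same template rendered with Mako's stock setting, where `${name}` writes the value verbatim, and with `default_filters=['h']`, where `${name}` is HTML-escaped and only `${name | n}` still writes it raw. The example uses the real Mako engine when it is installed (assumption: `mako` importable) and otherwise falls back to a small constructed model of the filter pipeline that mirrors the semantics described above; `UNTRUSTED` and `TEMPLATE` are constructed inputs.

```python
# Added example, not part of bottle or Mako: why Mako's default (no escaping)
# matters and what default_filters=['h'] changes for ${...} expressions.
import html
import re

# Constructed untrusted value, of the kind a request parameter could carry.
UNTRUSTED = '<script>alert(1)</script>'

# One template with a plain expression and one using the `n` filter, which
# disables the default filters for that expression only.
TEMPLATE = 'Hello ${name}! raw=${name | n}'

try:
    # Real engine (assumed installed). `default_filters` is the Template
    # keyword iurisilvio refers to; Mako's stock value is ['str'].
    from mako.template import Template as _MakoTemplate

    def render(source, default_filters, **context):
        return _MakoTemplate(source, default_filters=default_filters).render(**context)

except ImportError:
    # Constructed stand-in: a minimal model of Mako's expression filter
    # pipeline, enough to show the same escaping behaviour offline.
    _EXPR = re.compile(r'\$\{([^}|]+?)(?:\s*\|\s*([^}]+))?\}')
    _FILTERS = {'h': html.escape, 'str': str}

    def render(source, default_filters, **context):
        def substitute(match):
            value = context[match.group(1).strip()]
            names = [n.strip() for n in (match.group(2) or '').split(',') if n.strip()]
            if 'n' in names:
                # `n` drops the defaults; only the expression's own filters apply.
                names = [n for n in names if n != 'n']
            else:
                names = list(default_filters) + names
            for name in names:
                value = _FILTERS[name](value)
            return str(value)
        return _EXPR.sub(substitute, source)


def render_unsafe_default(name):
    """Mako's stock configuration: default_filters=['str'], markup passes through."""
    return render(TEMPLATE, ['str'], name=name)


def render_safe_default(name):
    """The change proposed in this issue: escape every expression by default."""
    return render(TEMPLATE, ['h'], name=name)


if __name__ == '__main__':
    print('unsafe:', render_unsafe_default(UNTRUSTED))
    print('safe:  ', render_safe_default(UNTRUSTED))
```

With the stock setting both expressions emit the script tag unchanged; with `default_filters=['h']` only the expression that explicitly opts out via `| n` does, which is the trade-off the comments describe: a safe default costs an explicit marker on every value that is intended to carry markup.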