funkybob / stencil

A minimalist template engine for Python3
MIT License
58 stars 8 forks

Suggestion: auto-escape implicitly, make not-escaping explicit #19

Closed candeira closed 5 years ago

candeira commented 5 years ago

15:11 < kandinski> why do you make escape explicit?
15:11 < FunkyBob> am still considering changing it to using ast mangling
15:11 < FunkyBob> eh?
15:11 < FunkyBob> you mean why don't I auto-escape like Django does?
15:11 < kandinski> wouldn't it be easier to always escape shit, and have dontescape for the rare ones that you want to not escape?
15:11 < kandinski> yes
15:11 < kandinski> huffman encoding for template writing
15:11 < FunkyBob> possibly
15:11 < kandinski> make the more common case take up less characters
15:12 < kandinski> just sayin'
15:12 < FunkyBob> not disputing the validity
15:12 < kandinski> well, it's backseat driving, you know, I'm not even a user
15:12 < kandinski> but it did jump at me
15:12 < FunkyBob> feel free to open a ticket to help me remember :)

funkybob commented 5 years ago

If I sub-class str, it would allow me to add an attribute to mark it as safe/unsafe. I could then override the str method to account for that.

Ideally there would be a way to indicate which escaping mode is preferred - html, email, url, etc...

funkybob commented 5 years ago

As of 4.2.0, escaping is now the default for {{ var }} tags, and can be controlled by a new attribute on the Context class.
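The design discussed in this thread, put together as an added example that is not stencil's own code: a str subclass that carries a "trusted" marker (the sub-classing idea above), an HTML escaper that honours it, and a minimal `{{ var }}` renderer that escapes by default and exposes the switch on its context object. The names `SafeString`, `mark_safe` and `Context.escape` are assumed for illustration and are not stencil's API; the sample inputs are constructed.

```python
# Added example, not stencil's code. SafeString, mark_safe and Context.escape
# are assumed names for illustration, not stencil's real API.
import html
import re


class SafeString(str):
    """A str whose content is already escaped or otherwise trusted.

    Operations that build a new string (concatenation, slicing, .format, ...)
    return a plain str, so the marker does not leak onto data that has been
    combined with untrusted input.
    """
    __slots__ = ()


def mark_safe(value):
    """Explicitly opt a value out of escaping: the rare, visible case."""
    return SafeString(value)


def escape_html(value):
    """Escape for an HTML text or attribute context unless already trusted."""
    if isinstance(value, SafeString):
        return value  # trusted: returning it unchanged also avoids double escaping
    # quote=True escapes " and ' as well, so the result is safe inside quoted
    # attribute values, not only in text nodes.
    return SafeString(html.escape(str(value), quote=True))


TAG_RE = re.compile(r"\{\{\s*(\w+)\s*\}\}")


class Context:
    """Template variables plus the auto-escape switch (on by default)."""

    def __init__(self, data, escape=True):
        self.data = dict(data)
        self.escape = escape  # assumed attribute name

    def resolve(self, name):
        return self.data.get(name, "")


def render(template, ctx):
    """Substitute {{ var }} tags; each value is escaped unless the context has
    auto-escaping turned off or the value was marked safe."""

    def substitute(match):
        value = ctx.resolve(match.group(1))
        if ctx.escape:
            return escape_html(value)
        return str(value)

    return TAG_RE.sub(substitute, template)


if __name__ == "__main__":
    # Constructed sample inputs.
    untrusted = "<script>alert(1)</script>"
    print(render("<p>{{ msg }}</p>", Context({"msg": untrusted})))
    print(render("<p>{{ msg }}</p>", Context({"msg": mark_safe("<b>hi</b>")})))
```

Two caveats a template author should keep in mind: the marker only means "safe for the escaper that is active", so a string marked safe for HTML is not thereby safe to drop into a URL or an email header (the per-mode idea raised above would need a marker per mode, not a single flag); and because every str operation strips the marker, code that builds markup piecewise has to call `mark_safe` on the finished, fully escaped result, never on a fragment.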