kamalx / typogrify

Automatically exported from code.google.com/p/typogrify
BSD 3-Clause "New" or "Revised" License

new escaping breaks typogrify #7

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
The added nbsp for widont is escaped because of
http://code.djangoproject.com/wiki/BackwardsIncompatibleChanges#Auto-escapingintemplates.
Please mark it as "safe".

Original issue reported on code.google.com by canbu...@gmail.com on 18 Nov 2007 at 2:45

GoogleCodeExporter commented 8 years ago
Thanks, as this causes breakage I'll try to get a new release out later today that fixes this.

Original comment by mintx...@gmail.com on 18 Nov 2007 at 7:12

GoogleCodeExporter commented 8 years ago
If I were a Django app developer I'd probably release with the upstream (Django) and synchronize svn, because people will tend to use your release with the latest Django release and it may not work.

Original comment by canbu...@gmail.com on 19 Nov 2007 at 12:04

GoogleCodeExporter commented 8 years ago
I'll be maintaining a that works with .96 so people who aren't tracking svn can 
use that.

Original comment by mintx...@gmail.com on 19 Nov 2007 at 4:43

GoogleCodeExporter commented 8 years ago
It doesn't seem that this issue has been fixed yet on trunk, so I put together a
quick patch. Seems to work for me, I may have done something incorrectly though.

Original comment by dgr...@gmail.com on 21 Apr 2008 at 1:41

GoogleCodeExporter commented 8 years ago
Your patch breaks smartypants:

>>> conditional_escape("everybody's watching")
u'everybody&#39;s watching'
>>> smartypants.smartyPants(conditional_escape("everybody's watching"))
u'everybody&#39;s watching'

Django 1.0 is coming soon. We need a better fix ASAP.

Original comment by stef...@gmail.com on 25 Jul 2008 at 8:49

GoogleCodeExporter commented 8 years ago
Fixed in r12

It's late but it's here in time for Django 1.0. All typogrify filters (except for the new titlecase) mark their output as safe. This means you should only use them on input you trust or have cleaned somehow. If you'd like to use them on user content like comments, please run them through |force_escape or |markdown:"safe" first.

Original comment by mintx...@gmail.com on 29 Aug 2008 at 9:22
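
The trade-off described in the last comment, as an added example that is not typogrify's or Django's code: a standard-library model of template auto-escaping. `SafeText`, `render` and the simplified `widont_*` functions are stand-ins assumed for illustration, and the input strings are constructed.

```python
import html
import re

class SafeText(str):
    """Stand-in for Django's safe-string type: text flagged as ready-to-emit HTML."""

def mark_safe(s):
    return SafeText(s)

def force_escape(s):
    """Always escape, as the |force_escape filter does."""
    return SafeText(html.escape(s))

def render(value):
    """Model of {{ value }} with auto-escaping on: escape unless marked safe."""
    return str(value) if isinstance(value, SafeText) else html.escape(value)

def widont_unmarked(text):
    """Simplified widont before the fix: adds &nbsp; and returns a plain str."""
    return re.sub(r"\s+(\S+\s*)$", r"&nbsp;\1", text)

def widont_safe(text):
    """Simplified widont after the fix: same output, marked safe."""
    return mark_safe(widont_unmarked(text))

# Constructed sample inputs.
TRUSTED = "A title that wraps"
UNTRUSTED = "nice post <script>alert(1)</script> bye"

def cases():
    return {
        # The reported bug: the filter's own entity gets escaped again.
        "unmarked, trusted": render(widont_unmarked(TRUSTED)),
        # The fix: the entity survives...
        "safe, trusted": render(widont_safe(TRUSTED)),
        # ...but so does any markup already present in the input.
        "safe, untrusted": render(widont_safe(UNTRUSTED)),
        # Escaping before the filter neutralises the input and keeps &nbsp;.
        "escaped then safe": render(widont_safe(force_escape(UNTRUSTED))),
    }

if __name__ == "__main__":
    for name, out in cases().items():
        print(f"{name:18} {out}")
```

In a template, the last case corresponds to applying |force_escape before the typogrify filter, which is the ordering the comment above asks for on user content.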