Let's introduce a new escape template filter that allows escaping string values in templates. This new filter should probably make use of the HTML#escape method.
For example:
{{ my_var|escape }}
If my_var was set to <b>Let's do it</b>, then the output of the above template would be &lt;b&gt;Let&#39;s do it&lt;/b&gt;.
Special care should be taken to ensure that we don't end up applying multiple rounds of escaping to string values that would've been auto-escaped by Marten's auto-escaping mechanism. To avoid that, string values escaped with the new escape filter should probably be converted to safe string objects.
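A self-contained Crystal model of the double-escaping concern described above, added here as an example and not Marten's own code. `SafeString`, `escape_filter`, `naive_escape_filter` and `render` are hypothetical stand-ins for the framework's safe string type, the proposed filter and the auto-escaping step; only `HTML.escape` comes from the standard library.

```crystal
require "html"

# Hypothetical stand-in for a "safe string" wrapper: a value the renderer
# treats as already escaped. This is not Marten's actual class.
struct SafeString
  getter value : String

  def initialize(@value : String)
  end
end

alias TemplateValue = String | SafeString

# The proposed behaviour: escape a raw string once and mark the result safe.
# An already-safe value passes through unchanged, so chaining is idempotent.
def escape_filter(value : TemplateValue) : SafeString
  case value
  in SafeString then value
  in String     then SafeString.new(HTML.escape(value))
  end
end

# Naive variant that returns a plain String: the auto-escaping step cannot
# tell it was escaped already and will escape it a second time.
def naive_escape_filter(value : TemplateValue) : String
  HTML.escape(value.is_a?(SafeString) ? value.value : value)
end

# Model of auto-escaping, applied to every variable at render time.
def render(value : TemplateValue) : String
  case value
  in SafeString then value.value
  in String     then HTML.escape(value)
  end
end

my_var = "<b>Let's do it</b>" # constructed sample value from the issue text

puts render(my_var)                               # auto-escaping alone
puts render(naive_escape_filter(my_var))          # two rounds: ampersands re-escaped
puts render(escape_filter(my_var))                # one round only
puts render(escape_filter(escape_filter(my_var))) # still one round
```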