discuss if we want to have the .ttl.j2 extension in the autoescape mapping - Githubissues

vliz-be-opsci / py-sema

Overall parent of all packages involving semantic manipulation of RDF data.

MIT License

0 stars 0 forks source link

discuss if we want to have the .ttl.j2 extension in the autoescape mapping #130

Open cedricdcc opened 3 weeks ago

cedricdcc commented 3 weeks ago

https://github.com/vliz-be-opsci/py-sema/blob/5ab22eca687e55c8665fe09cd36bd85495798483/sema/subyt/j2/generator.py#L23-L40 includes all the extensions that will automatically not apply html escaping to the various template expansions.

Files ext not in that list will typically require manually adding | safe statements to avoid HTML escaping. This can be avoided.

Various routes to go:

Add more extensions to the list
Check if we can just ignore HTML escaping for all files. -> eg: "autoescape":False ?

Linked to https://github.com/emo-bon/observatory-profile/blob/main/templates/water_sampling.ldt.ttl.j2 Where | safe is used in all filters.

mpo-vliz commented 3 weeks ago

according to https://codeql.github.com/codeql-query-help/python/py-jinja2-autoescape-false/

passing the option "autoescape": False should actually work
but is not recommended (for typical web-context-usage of template where XML and HTML generation is the norm)