My streak ends
First up, the bad news: my streak of one Django-related post per day in November is going to come to an end tomorrow. Some Thanksgiving plans (technically pre-Thanksgiving by a week, but nothing wrong with celebrating a little early) I’d had which were first on, then off, and are now on again, will be taking me out of town and probably offline from tomorrow morning through Sunday night. I toyed with the idea of putting together four entries and post-dating them to show up at the right times, but things have been a bit hectic lately and it just didn’t work out.
But there’s good news, in the form of automatic escaping of template output, which landed in Django’s trunk today. This is a feature that’s been kicking around for a while, with a lot of heated debate, and Malcolm finally sat down and implemented it properly. What this means is that the output of template variables (anything that’s wrapped in `{{` and `}}` in your templates) will automatically be escaped: characters which have special meaning in HTML, and which, if you display them directly from untrusted sources such as user input, could open up cross-site scripting vulnerabilities, will automatically be replaced with the appropriate character entities.
Before anyone goes shouting about it, it’s configurable; you can turn it off if you don’t want it. And it doesn’t work like PHP’s god-awful `magic_quotes`: turning it off happens right in the template where you can see it, and it doesn’t touch incoming data, only what the template writes out. Go see the auto-escaping documentation for all the details.
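The escape-unless-marked-safe rule described above, as an added illustration rather than Django’s own code (the class and function names here are this example’s own, not Django’s API, and the sample “comment” is constructed): a few lines of Python that substitute `{{ name }}` placeholders, escape every value by default, leave values the developer has explicitly vouched for alone, and let a template opt out of escaping in one visible place. The five characters escaped here (`&`, `<`, `>`, `"`, `'`) are an assumption about what “characters with special meaning in HTML” covers.

```python
"""Minimal model of template auto-escaping (added example, not Django's code)."""

import html
import re


class SafeString(str):
    """A string the developer has explicitly vouched for; the renderer leaves it alone."""


def mark_safe(value: str) -> SafeString:
    """Opt a value out of escaping in one visible place (assumed name, not Django's API)."""
    return SafeString(value)


def conditional_escape(value) -> str:
    """Escape unless the value is already marked safe: the heart of auto-escaping.

    html.escape(quote=True) replaces & < > " and ' with character entities.
    """
    if isinstance(value, SafeString):
        return str(value)
    return html.escape(str(value), quote=True)


# Matches {{ name }} with optional whitespace inside the braces.
_VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template: str, context: dict, autoescape: bool = True) -> str:
    """Substitute placeholders; autoescape=False models turning escaping off in the template.

    Only the rendered output is transformed; the values in `context` are never modified,
    which is the difference from PHP's magic_quotes rewriting incoming data.
    """

    def substitute(match: re.Match) -> str:
        value = context.get(match.group(1), "")
        return conditional_escape(value) if autoescape else str(value)

    return _VAR.sub(substitute, template)


if __name__ == "__main__":
    # Constructed sample: a comment body as an attacker might submit it.
    untrusted = "<script>alert(document.cookie)</script>"
    context = {"comment": untrusted, "body": mark_safe("<em>trusted markup</em>")}

    print(render("<p>{{ comment }}</p>", context))            # entities, no script tag
    print(render("<div>{{ body }}</div>", context))           # marked safe, passed through
    print(render("<p>{{ comment }}</p>", context, autoescape=False))  # opted out: raw
    print(context["comment"] == untrusted)                    # incoming data untouched
```

One caveat a practitioner will want even with this on: entity escaping makes a value safe to place in HTML text or in a quoted attribute. It does not make a value safe inside a `<script>` block or an unquoted attribute, so those spots still need their own handling.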
One other piece of good news, in case you haven’t seen it: the Django book is going to press. The site hasn’t updated with the final version (which fills in the last couple chapters and has undergone final editing) yet, but I’d imagine that’ll happen once the book is on shelves. Jacob and Adrian deserve a huge round of thanks for putting in all the hard work to provide a great free resource to the Django community (I don’t know exactly how well you do on royalties from a book you give away online, but I’d guess they aren’t going to make huge amounts of money on it).
I’ll be back late Sunday night, and hopefully I’ll resume daily posting on Monday; my apologies for the brief lapse, and I’ll see if I can’t use the actual Thanksgiving holiday to crank out a little extra material to make up for it.