#146 closed defect (fixed)
escaping not handled in NewTextTemplate
| Reported by: | mgood | Owned by: | cmlenz |
|---|---|---|---|
| Priority: | major | Milestone: | 0.5 |
| Component: | Serialization | Version: | 0.4.4 |
| Keywords: | Cc: |
Description (last modified by mgood)
& Trying to use the escape method from a text template doesn't seem to work like you'd expect:
>>> from genshi.template import * >>> from genshi.core import escape >>> t = NewTextTemplate('${escape(foo)}') >>> print t.generate(foo='<>', escape=escape) <>
As a workaround you can force it to a str first:
>>> t = NewTextTemplate('${str(escape(foo))}') >>> print t.generate(foo='<>', escape=escape) <>
Admittedly you'll generally want to use Markup templates for HTML generation, but you may want to use the text templates for better performance on certain pages. Also, the bigtable benchmark of NewTextTemplate doesn't do any escaping giving it a slight advantage over the other templates that are calling their escape methods.
Change History (3)
comment:1 Changed 17 years ago by mgood
- Description modified (diff)
comment:2 Changed 17 years ago by cmlenz
- Resolution set to fixed
- Status changed from new to closed
Fixed in [774].
comment:3 Changed 17 years ago by cmlenz
- Component changed from General to Serialization
Note: See
TracTickets for help on using
tickets.
fix typo in the description