Browse files

Added 'Safety and security' section to docs/design_philosophies.txt

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent fdf2738 commit e70be1181444a8a364feeaf27a79dcc8effc3171 @adrianholovaty adrianholovaty committed Nov 13, 2005
Showing with 17 additions and 2 deletions.
  1. +17 −2 docs/design_philosophies.txt
@@ -175,7 +175,9 @@ a common header, footer, navigation bar, etc. The Django template system should
make it easy to store those elements in a single place, eliminating duplicate
-This is the philosophy behind template inheritance.
+This is the philosophy behind `template inheritance`_.
+.. _template inheritance:
Be decoupled from HTML
@@ -197,7 +199,8 @@ Treat whitespace obviously
The template system shouldn't do magic things with whitespace. If a template
includes whitespace, the system should treat the whitespace as it treats text
--- just display it.
+-- just display it. Any whitespace that's not in a template tag should be
Don't invent a programming language
@@ -211,6 +214,18 @@ The goal is not to invent a programming language. The goal is to offer just
enough programming-esque functionality, such as branching and looping, that is
essential for making presentation-related decisions.
+The Django template system recognizes that templates are most often written by
+*designers*, not *programmers*, and therefore should not assume Python
+Safety and security
+The template system, out of the box, should forbid the inclusion of malicious
+code -- such as commands that delete database records.
+This is another reason the template system doesn't allow arbitrary Python code.

0 comments on commit e70be11

Please sign in to comment.