Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Added 'Safety and security' section to docs/design_philosophies.txt

git-svn-id: http://code.djangoproject.com/svn/django/trunk@1218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit e70be1181444a8a364feeaf27a79dcc8effc3171 1 parent fdf2738
Adrian Holovaty adrianholovaty authored
Showing with 17 additions and 2 deletions.
  1. +17 −2 docs/design_philosophies.txt
19 docs/design_philosophies.txt
View
@@ -175,7 +175,9 @@ a common header, footer, navigation bar, etc. The Django template system should
make it easy to store those elements in a single place, eliminating duplicate
code.
-This is the philosophy behind template inheritance.
+This is the philosophy behind `template inheritance`_.
+
+.. _template inheritance: http://www.djangoproject.com/documentation/templates/#template-inheritance
Be decoupled from HTML
----------------------
@@ -197,7 +199,8 @@ Treat whitespace obviously
The template system shouldn't do magic things with whitespace. If a template
includes whitespace, the system should treat the whitespace as it treats text
--- just display it.
+-- just display it. Any whitespace that's not in a template tag should be
+displayed.
Don't invent a programming language
-----------------------------------
@@ -211,6 +214,18 @@ The goal is not to invent a programming language. The goal is to offer just
enough programming-esque functionality, such as branching and looping, that is
essential for making presentation-related decisions.
+The Django template system recognizes that templates are most often written by
+*designers*, not *programmers*, and therefore should not assume Python
+knowledge.
+
+Safety and security
+-------------------
+
+The template system, out of the box, should forbid the inclusion of malicious
+code -- such as commands that delete database records.
+
+This is another reason the template system doesn't allow arbitrary Python code.
+
Extensibility
-------------
Please sign in to comment.
Something went wrong with that request. Please try again.