Added 'Safety and security' section to docs/design_philosophies.txt

git-svn-id: http://code.djangoproject.com/svn/django/trunk@1218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit e70be1181444a8a364feeaf27a79dcc8effc3171 1 parent fdf2738
Adrian Holovaty authored November 13, 2005

Showing 1 changed file with 17 additions and 2 deletions.

19  docs/design_philosophies.txt
@@ -175,7 +175,9 @@ a common header, footer, navigation bar, etc. The Django template system should
175 175
 make it easy to store those elements in a single place, eliminating duplicate
176 176
 code.
177 177
 
178  
-This is the philosophy behind template inheritance.
  178
+This is the philosophy behind `template inheritance`_.
  179
+
  180
+.. _template inheritance: http://www.djangoproject.com/documentation/templates/#template-inheritance
179 181
 
180 182
 Be decoupled from HTML
181 183
 ----------------------
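Review bot: the hyperlink target added on the last `+` line of this hunk points at an absolute URL with a fragment (`#template-inheritance`); please verify that anchor actually exists on the linked documentation page, because a stale fragment fails silently in the rendered docs. Defining the `.. _template inheritance:` target directly after the paragraph that references it is fine for reStructuredText.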
@@ -197,7 +199,8 @@ Treat whitespace obviously
197 199
 
198 200
 The template system shouldn't do magic things with whitespace. If a template
199 201
 includes whitespace, the system should treat the whitespace as it treats text
200  
--- just display it.
  202
+-- just display it. Any whitespace that's not in a template tag should be
  203
+displayed.
201 204
 
202 205
 Don't invent a programming language
203 206
 -----------------------------------
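Review bot: the added sentence `Any whitespace that's not in a template tag should be displayed.` largely restates the preceding `treat the whitespace as it treats text -- just display it`; either drop it or make it carry something the first sentence does not, for example that the rule applies to whitespace between tags and not to whitespace inside the tag delimiters themselves.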
@@ -211,6 +214,18 @@ The goal is not to invent a programming language. The goal is to offer just
211 214
 enough programming-esque functionality, such as branching and looping, that is
212 215
 essential for making presentation-related decisions.
213 216
 
  217
+The Django template system recognizes that templates are most often written by
  218
+*designers*, not *programmers*, and therefore should not assume Python
  219
+knowledge.
  220
+
  221
+Safety and security
  222
+-------------------
  223
+
  224
+The template system, out of the box, should forbid the inclusion of malicious
  225
+code -- such as commands that delete database records.
  226
+
  227
+This is another reason the template system doesn't allow arbitrary Python code.
  228
+
214 229
 Extensibility
215 230
 -------------
216 231
 
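Review bot: the new "Safety and security" section states an absolute guarantee (`should forbid the inclusion of malicious code`) but the only mechanism it names is that arbitrary Python code is not allowed; scoping the claim to what that mechanism provides would be more accurate, e.g. `should not give template authors a way to run arbitrary code, such as commands that delete database records`. It would also help to state the trust boundary explicitly, since the paragraph added just above already introduces it: templates are written by designers rather than programmers and are treated as less trusted than view code, so the restriction is a deliberate design boundary, not a claim that templates are sandboxed.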
