How do sanitizers work runtime? #199
Comments
|
basically.
The ContextualAutoescaper determines the 'context' for each piece of
dynamic content and then adds escaping directives to the AST. The
individual backends just generate code to invoke the directives, they don't
actually make sanitization decisions.
The one caveat is that the backends ensure that strings produced by
template blocks are marked as safe. So the result of every {template},
{let} and {param} block is annotated.
…On Wed, Dec 25, 2019 at 11:38 PM Gábor Sebestyén ***@***.***> wrote:
Happy Holidays,
I'm working on Swift port of closure templates and I need your guidance on
how content sanitizers are used runtime. At which points are they invoked
on what targets?
I ran through the Python code generator and learnt that variables passed
through calling other templates are marked dirty and some kind of
sanitization are done just before appending to output.
Are my assumptions correct?
Thanks,
Gábor
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#199?email_source=notifications&email_token=AABTJXARG3WFMUX26XLNMZDQ2RNOJA5CNFSM4J7JCR62YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4ICVMXEA>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABTJXEKDXIB4E7BCXK5SD3Q2RNOJANCNFSM4J7JCR6Q>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Happy Holidays,
I'm working on Swift port of closure templates and I need your guidance on how content sanitizers are used runtime. At which points are they invoked on what targets?
I ran through the Python code generator and learnt that variables passed through calling other templates are marked dirty and some kind of sanitization are done just before appending to output.
Are my assumptions correct?
Thanks,
Gábor
The text was updated successfully, but these errors were encountered: