Permalink
Browse files

BACKWARDS-INCOMPATIBLE: turn on template autoescaping by default.

Disable autoescaping in demos that don't already use it.
  • Loading branch information...
1 parent 342c656 commit 26feb663aa3a94239b763653ca946cbbd922757f @bdarnell bdarnell committed Jun 12, 2011
Showing with 6 additions and 2 deletions.
  1. +1 −0 demos/appengine/blog.py
  2. +1 −0 demos/blog/blog.py
  3. +2 −1 demos/facebook/facebook.py
  4. +1 −0 demos/websocket/chatdemo.py
  5. +1 −1 tornado/template.py
@@ -151,6 +151,7 @@ def render(self, entry):
"template_path": os.path.join(os.path.dirname(__file__), "templates"),
"ui_modules": {"Entry": EntryModule},
"xsrf_cookies": True,
+ "autoescape": None,
}
application = tornado.wsgi.WSGIApplication([
(r"/", HomeHandler),
View
@@ -53,6 +53,7 @@ def __init__(self):
xsrf_cookies=True,
cookie_secret="11oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=",
login_url="/auth/login",
+ autoescape=None,
)
tornado.web.Application.__init__(self, handlers, **settings)
@@ -46,8 +46,9 @@ def __init__(self):
xsrf_cookies=True,
facebook_api_key=options.facebook_api_key,
facebook_secret=options.facebook_secret,
- ui_modules= {"Post": PostModule},
+ ui_modules={"Post": PostModule},
debug=True,
+ autoescape=None,
)
tornado.web.Application.__init__(self, handlers, **settings)
@@ -43,6 +43,7 @@ def __init__(self):
template_path=os.path.join(os.path.dirname(__file__), "templates"),
static_path=os.path.join(os.path.dirname(__file__), "static"),
xsrf_cookies=True,
+ autoescape=None,
)
tornado.web.Application.__init__(self, handlers, **settings)
View
@@ -90,7 +90,7 @@ def add(x, y):
from tornado import escape
from tornado.util import bytes_type
-_DEFAULT_AUTOESCAPE = None
+_DEFAULT_AUTOESCAPE = "xhtml_escape"
_UNSET = object()
class Template(object):

0 comments on commit 26feb66

Please sign in to comment.