Django ponies: Proposals for Django 1.2
Simon Willison's blog. Posted on September 29, 2009
I’ve decided to step up my involvement in Django development in the run-up to Django 1.2, so I’m currently going through several years’ worth of accumulated pony requests figuring out which ones are worth advocating for. I’m also ensuring I have the code to back them up—my innocent AutoEscaping proposal a few years ago resulted ...
Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems
Simon Willison's blog. Posted on April 14, 2009
Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems (via). The Google Online Security Blog reminds us that simply HTML-escaping everything isn’t enough—the type of escaping needed depends on the current markup context, for example variables inside JavaScript blocks should be escaped differently. Google’s open source Ctemplate library uses an HTML parser to keep track ...
django-html
Simon Willison's blog. Posted on September 10, 2008
django-html. A small project I’m working on to make Django behave better with regard to HTML vs. XHTML.


