Opened 9 months ago
Closed 9 months ago
#35296 closed Uncategorized (invalid)
The autoescape parameter to Engine() seems to have no effect on Context.
Reported by: | Roman Donchenko | Owned by: | nobody |
---|---|---|---|
Component: | Template system | Version: | 5.0 |
Severity: | Normal | Keywords: | |
Cc: | bcail | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The reference documentation for django.template.Engine says the following:
autoescape controls whether HTML autoescaping is enabled. It defaults to True.
Based on this, I would expect the following to print <>:

```python
import django.template

# Standalone engine with HTML autoescaping turned off
e = django.template.Engine(autoescape=False)
t = e.from_string('{{x}}')
print(t.render(django.template.Context({'x': '<>'})))
```

But it doesn't, it prints &lt;&gt;. So it seems that the autoescape parameter does nothing.
Either the code should be updated to make the parameter work, or the docs should explain what it actually does.
Change History (3)
comment:1 by , 9 months ago
comment:2 by , 9 months ago
Cc: | added |
---|
comment:3 by , 9 months ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Summary: | The autoescape parameter to Engine() seems to have no effect → The autoescape parameter to Engine() seems to have no effect on Context. |
Context has its own autoescape parameter that engine shouldn't override. You can pass Context with autoescape=False or use render_to_string() with a template name.
I see the same result. It looks like the Context object has an autoescape parameter (which defaults to True) - so that may sort of be overriding the engine value. But, I'm not sure the engine value is always checked where it should be.