Opened 9 months ago

Closed 9 months ago

#35296 closed Uncategorized (invalid)

The autoescape parameter to Engine() seems to have no effect on Context.

Reported by: Roman Donchenko Owned by: nobody
Component: Template system Version: 5.0
Severity: Normal Keywords:
Cc: bcail Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The reference documentation for django.template.Engine says the following:

  • autoescape controls whether HTML autoescaping is enabled. It defaults to True.

Based on this, I would expect the following to print <>:

import django.template
django.template.Engine(autoescape=False)
t = e.from_string('{{x}}')
print(t.render(django.template.Context({'x': '<>'})))

But it doesn't, it prints &lt;&gt;. So it seems that the autoescape parameter does nothing.

Either the code should be updated to make the parameter work, or the docs should explain what it actually does.

Change History (3)

comment:1 by bcail, 9 months ago

I see the same result. It looks like the Context object has an autoescape parameter (which defaults to True) - so that may sort of be overriding the engine value. But, I'm not sure the engine value is always checked where it should be.

comment:2 by bcail, 9 months ago

Cc: bcail added

comment:3 by Mariusz Felisiak, 9 months ago

Resolution: invalid
Status: newclosed
Summary: The autoescape parameter to Engine() seems to have no effectThe autoescape parameter to Engine() seems to have no effect on Context.

Context has it's own autoescape parameter that engine shouldn't override. You can pass Context with autoespace=False or use render_to_string() with a template name.

Note: See TracTickets for help on using tickets.
Back to Top