http://simonwillison.net/2008-07-22T06:04:29+00:00Simon Willison2008-07-22T06:04:29+00:002008-07-22T06:04:29+00:00https://simonwillison.net/2008/Jul/22/alpha/#atom-tag

<p><strong><a href="http://www.djangoproject.com/documentation/release_notes_1.0_alpha/">Django 1.0 alpha release notes</a></strong></p> The big features are newforms-admin, unicode everywhere, the queryset-refactor ORM improvements and auto-escaping in templates. <p>Tags: <a href="https://simonwillison.net/tags/alpha">alpha</a>, <a href="https://simonwillison.net/tags/autoescaping">autoescaping</a>, <a href="https://simonwillison.net/tags/django">django</a>, <a href="https://simonwillison.net/tags/django-admin">django-admin</a>, <a href="https://simonwillison.net/tags/newformsadmin">newformsadmin</a>, <a href="https://simonwillison.net/tags/orm">orm</a>, <a href="https://simonwillison.net/tags/python">python</a>, <a href="https://simonwillison.net/tags/querysetrefactor">querysetrefactor</a>, <a href="https://simonwillison.net/tags/unicode">unicode</a></p>

2008-07-19T23:52:34+00:002008-07-19T23:52:34+00:00https://simonwillison.net/2008/Jul/19/jinja2/#atom-tag

<p><strong><a href="http://lucumr.pocoo.org/cogitations/2008/07/17/jinja2-final-aka-jinjavitus-released/">Jinja2 Final aka Jinjavitus Released</a></strong></p> The Jinja template engine now has auto-escaping as an optional feature, disabled by default. Worth considering as an almost drop-in replacement for Django’s template language if features such as macros and compilation to Python code appeal to you. <p>Tags: <a href="https://simonwillison.net/tags/autoescaping">autoescaping</a>, <a href="https://simonwillison.net/tags/django">django</a>, <a href="https://simonwillison.net/tags/jinja">jinja</a>, <a href="https://simonwillison.net/tags/python">python</a></p>

2007-12-01T20:34:08+00:002007-12-01T20:34:08+00:00https://simonwillison.net/2007/Dec/1/rails/#atom-tag

<p><strong><a href="http://railswarts.blogspot.com/2007/12/why-h-cant-rails-escape-automatically.html">Why the h can&#x27;t Rails escape HTML automatically?</a></strong></p> It would be a pretty huge change, but auto-escaping in Rails 2.0 could close up a lot of accidental XSS holes. <p>Tags: <a href="https://simonwillison.net/tags/autoescaping">autoescaping</a>, <a href="https://simonwillison.net/tags/django">django</a>, <a href="https://simonwillison.net/tags/rails">rails</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/xss">xss</a></p>

2007-11-14T17:05:55+00:002007-11-14T17:05:55+00:00https://simonwillison.net/2007/Nov/14/changeset/#atom-tag

<p><strong><a href="http://code.djangoproject.com/changeset/6671">Django Changeset 6671</a></strong></p> Malcolm Tredinnick: “Implemented auto-escaping of variable output in templates”. Fantastic—Django now has protection against accidental XSS holes, turned on by default. <p>Tags: <a href="https://simonwillison.net/tags/autoescaping">autoescaping</a>, <a href="https://simonwillison.net/tags/django">django</a>, <a href="https://simonwillison.net/tags/malcolm-tredinnick">malcolm-tredinnick</a>, <a href="https://simonwillison.net/tags/python">python</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/templating">templating</a>, <a href="https://simonwillison.net/tags/xss">xss</a></p>