New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should set blocks be safe by default? #490
Comments
+1, as I also got bitten by this... Since the doc gives this example:
This really makes you expect that you'll get non-escaped HTML when using it, like you'd get for a macro. |
If/when this does get implemented, I think something deeper is off about the 'block set' implementation that probably needs addressing at the same time... Over in issue #486, it was suggested to use a However, the
As of v2.8, this renders |
I agree it would be reasonable to change this. I think this might have been the result of an optimization. |
When fixing this let's make sure that in case of something like this,
|
I just hit this issue as well. My workaround:
|
Thanks Armin! |
And make this version the minimal required version.
And make this version the minimal required version.
And make this version the minimal required version.
And make this version the minimal required version.
And make this version the minimal required version. git-svn-id: http://trac.edgewall.org/intertrac/log:/trunk@15449 af82e41b-90c4-0310-8c96-b1721e28e2e2
Right now this testcase would fail:
The contents of a set block is very similar to a macro though, so I think this behavior is not what you'd expect. Especially since you easily get double escaping, as shown in an extended version of the testcase above:
If I add the
safe
filter to my set block (added in #489) the testcase passes fine, but I think this is the most common use case and thus shouldn't require a filter.The text was updated successfully, but these errors were encountered: