Escaping in templates

Gervase Markham gerv at
Mon Feb 2 22:13:58 UTC 2004

Could someone who knows more about this than me come up with a simple 
set of rules, in words of one syllable, which detail when to use which 
sort of escaping in templates?

I've just done a patch for bug 232830, which was caused by using "FILTER 
html" when "FILTER url_quote" was required.

Do you url_quote anything which is part of a URL, and html anything 
else? Or is it not that simple? Do you ever need both?


More information about the developers mailing list