BACKWARDS-INCOMPATIBLE: turn on template autoescaping by default.

author Ben Darnell <ben@bendarnell.com>

Sun, 12 Jun 2011 00:22:09 +0000 (17:22 -0700)

committer Ben Darnell <ben@bendarnell.com>

Sun, 12 Jun 2011 00:22:09 +0000 (17:22 -0700)
author Ben Darnell <ben@bendarnell.com>
Sun, 12 Jun 2011 00:22:09 +0000 (17:22 -0700)
committer Ben Darnell <ben@bendarnell.com>
Sun, 12 Jun 2011 00:22:09 +0000 (17:22 -0700)
diff --git a/demos/appengine/blog.py b/demos/appengine/blog.py

index ccaabd539267a346cb9cec1cc50acaba40629fbc..1f79bb62bf3b85a6a1ce24dcd2e1fa9f7e0d1842 100644 (file)
--- a/demos/appengine/blog.py
+++ b/demos/appengine/blog.py
@@ -151,6 +151,7 @@ settings = {
      "template_path": os.path.join(os.path.dirname(__file__), "templates"),
      "ui_modules": {"Entry": EntryModule},
      "xsrf_cookies": True,
+    "autoescape": None,
  }
  application = tornado.wsgi.WSGIApplication([
      (r"/", HomeHandler),
diff --git a/demos/blog/blog.py b/demos/blog/blog.py

index 808a9afc55adcc0cc487ed15c5755fe55a64957a..94c7a67a41aac34bc58f12ff5f2965051709ec34 100755 (executable)
--- a/demos/blog/blog.py
+++ b/demos/blog/blog.py
@@ -53,6 +53,7 @@ class Application(tornado.web.Application):
              xsrf_cookies=True,
              cookie_secret="11oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=",
              login_url="/auth/login",
+            autoescape=None,
          )
          tornado.web.Application.__init__(self, handlers, **settings)
  
diff --git a/demos/facebook/facebook.py b/demos/facebook/facebook.py

index c6b8c2468978dc8d87de89ea0a6144ffadd3c306..c57cb2179ff2b06a6a41792352737d4225ec0a0b 100755 (executable)
--- a/demos/facebook/facebook.py
+++ b/demos/facebook/facebook.py
@@ -46,8 +46,9 @@ class Application(tornado.web.Application):
              xsrf_cookies=True,
              facebook_api_key=options.facebook_api_key,
              facebook_secret=options.facebook_secret,
-            ui_modules= {"Post": PostModule},
+            ui_modules={"Post": PostModule},
              debug=True,
+            autoescape=None,
          )
          tornado.web.Application.__init__(self, handlers, **settings)
  
diff --git a/demos/websocket/chatdemo.py b/demos/websocket/chatdemo.py

index dd5a48db8fda1c4b6efeb95db4f4cf1a434157f2..21648ebe11da1c17bb6137f39c019a0114f76de4 100755 (executable)
--- a/demos/websocket/chatdemo.py
+++ b/demos/websocket/chatdemo.py
@@ -43,6 +43,7 @@ class Application(tornado.web.Application):
              template_path=os.path.join(os.path.dirname(__file__), "templates"),
              static_path=os.path.join(os.path.dirname(__file__), "static"),
              xsrf_cookies=True,
+            autoescape=None,
          )
          tornado.web.Application.__init__(self, handlers, **settings)
  
diff --git a/tornado/template.py b/tornado/template.py

index ceea6f5c82c9607db8a1b12c2b510702dd0d3904..243b04ceecc610dae9b096e4d5c988855c2833df 100644 (file)
--- a/tornado/template.py
+++ b/tornado/template.py
@@ -90,7 +90,7 @@ import re
  from tornado import escape
  from tornado.util import bytes_type
  
-_DEFAULT_AUTOESCAPE = None
+_DEFAULT_AUTOESCAPE = "xhtml_escape"
  _UNSET = object()
  
  class Template(object):
author	Ben Darnell <ben@bendarnell.com>
	Sun, 12 Jun 2011 00:22:09 +0000 (17:22 -0700)
committer	Ben Darnell <ben@bendarnell.com>
	Sun, 12 Jun 2011 00:22:09 +0000 (17:22 -0700)
demos/appengine/blog.py		patch \| blob \| blame \| history
demos/blog/blog.py		patch \| blob \| blame \| history
demos/facebook/facebook.py		patch \| blob \| blame \| history
demos/websocket/chatdemo.py		patch \| blob \| blame \| history
tornado/template.py		patch \| blob \| blame \| history