Loading docs/ref/forms/widgets.txt +2 −2 Original line number Diff line number Diff line Loading @@ -562,7 +562,7 @@ Selector and checkbox widgets .. code-block:: html <ul> <li><input type='radio' ...></li> <li><input type='radio' name='...'></li> ... </ul> Loading Loading @@ -658,7 +658,7 @@ the widget. .. code-block:: html <ul> <li><input type='checkbox' ...></li> <li><input type='checkbox' name='...' ></li> ... </ul> Loading docs/ref/templates/api.txt +1 −1 Original line number Diff line number Diff line Loading @@ -320,7 +320,7 @@ If you ``pop()`` too much, it'll raise >>> c.pop() Traceback (most recent call last): ... django.template.ContextPopException ContextPopException .. versionadded:: 1.7 Loading docs/topics/i18n/translation.txt +3 −1 Original line number Diff line number Diff line Loading @@ -1326,7 +1326,9 @@ For example, if your Django app contained a translation string for the text _("Welcome to my site.") ...then :djadmin:`django-admin.py makemessages <makemessages>` will have created a ``.po`` file containing the following snippet -- a message:: a ``.po`` file containing the following snippet -- a message: .. code-block:: po #: path/to/python/module.py:23 msgid "Welcome to my site." Loading docs/topics/security.txt +1 −1 Original line number Diff line number Diff line Loading @@ -31,7 +31,7 @@ protect the following: .. code-block:: html+django <style class={{ var }}>...</style> <style class="{{ var }}">...</style> If ``var`` is set to ``'class1 onmouseover=javascript:func()'``, this can result in unauthorized JavaScript execution, depending on how the browser renders Loading docs/topics/templates.txt +16 −11 Original line number Diff line number Diff line Loading @@ -549,9 +549,10 @@ disabled. Here is an example template:: The auto-escaping tag passes its effect onto templates that extend the current one as well as templates included via the :ttag:`include` tag, just like all block tags. For example:: just like all block tags. For example: # base.html .. snippet:: :filename: base.html {% autoescape off %} <h1>{% block title %}{% endblock %}</h1> Loading @@ -559,18 +560,18 @@ just like all block tags. For example:: {% endblock %} {% endautoescape %} # child.html .. snippet:: :filename: child.html {% extends "base.html" %} {% block title %}This & that{% endblock %} {% block title %}This & that{% endblock %} {% block content %}{{ greeting }}{% endblock %} Because auto-escaping is turned off in the base template, it will also be turned off in the child template, resulting in the following rendered HTML when the ``greeting`` variable contains the string ``<b>Hello!</b>``:: <h1>This & that</h1> <h1>This & that</h1> <b>Hello!</b> Notes Loading Loading @@ -608,7 +609,7 @@ This means you would write :: ...rather than:: {{ data|default:"3 < 2" }} <-- Bad! Don't do this. {{ data|default:"3 < 2" }} {# Bad! Don't do this. #} This doesn't affect what happens to data coming from the variable itself. The variable's contents are still automatically escaped, if necessary, because Loading Loading @@ -638,14 +639,18 @@ of all comments related to the current task with:: {{ task.comment_set.all.count }} And of course you can easily access methods you've explicitly defined on your own models:: own models: .. snippet:: :filename: models.py # In model class Task(models.Model): def foo(self): return "bar" # In template .. snippet:: :filename: template.html {{ task.foo }} Because Django intentionally limits the amount of logic processing available Loading Loading
docs/ref/forms/widgets.txt +2 −2 Original line number Diff line number Diff line Loading @@ -562,7 +562,7 @@ Selector and checkbox widgets .. code-block:: html <ul> <li><input type='radio' ...></li> <li><input type='radio' name='...'></li> ... </ul> Loading Loading @@ -658,7 +658,7 @@ the widget. .. code-block:: html <ul> <li><input type='checkbox' ...></li> <li><input type='checkbox' name='...' ></li> ... </ul> Loading
docs/ref/templates/api.txt +1 −1 Original line number Diff line number Diff line Loading @@ -320,7 +320,7 @@ If you ``pop()`` too much, it'll raise >>> c.pop() Traceback (most recent call last): ... django.template.ContextPopException ContextPopException .. versionadded:: 1.7 Loading
docs/topics/i18n/translation.txt +3 −1 Original line number Diff line number Diff line Loading @@ -1326,7 +1326,9 @@ For example, if your Django app contained a translation string for the text _("Welcome to my site.") ...then :djadmin:`django-admin.py makemessages <makemessages>` will have created a ``.po`` file containing the following snippet -- a message:: a ``.po`` file containing the following snippet -- a message: .. code-block:: po #: path/to/python/module.py:23 msgid "Welcome to my site." Loading
docs/topics/security.txt +1 −1 Original line number Diff line number Diff line Loading @@ -31,7 +31,7 @@ protect the following: .. code-block:: html+django <style class={{ var }}>...</style> <style class="{{ var }}">...</style> If ``var`` is set to ``'class1 onmouseover=javascript:func()'``, this can result in unauthorized JavaScript execution, depending on how the browser renders Loading
docs/topics/templates.txt +16 −11 Original line number Diff line number Diff line Loading @@ -549,9 +549,10 @@ disabled. Here is an example template:: The auto-escaping tag passes its effect onto templates that extend the current one as well as templates included via the :ttag:`include` tag, just like all block tags. For example:: just like all block tags. For example: # base.html .. snippet:: :filename: base.html {% autoescape off %} <h1>{% block title %}{% endblock %}</h1> Loading @@ -559,18 +560,18 @@ just like all block tags. For example:: {% endblock %} {% endautoescape %} # child.html .. snippet:: :filename: child.html {% extends "base.html" %} {% block title %}This & that{% endblock %} {% block title %}This & that{% endblock %} {% block content %}{{ greeting }}{% endblock %} Because auto-escaping is turned off in the base template, it will also be turned off in the child template, resulting in the following rendered HTML when the ``greeting`` variable contains the string ``<b>Hello!</b>``:: <h1>This & that</h1> <h1>This & that</h1> <b>Hello!</b> Notes Loading Loading @@ -608,7 +609,7 @@ This means you would write :: ...rather than:: {{ data|default:"3 < 2" }} <-- Bad! Don't do this. {{ data|default:"3 < 2" }} {# Bad! Don't do this. #} This doesn't affect what happens to data coming from the variable itself. The variable's contents are still automatically escaped, if necessary, because Loading Loading @@ -638,14 +639,18 @@ of all comments related to the current task with:: {{ task.comment_set.all.count }} And of course you can easily access methods you've explicitly defined on your own models:: own models: .. snippet:: :filename: models.py # In model class Task(models.Model): def foo(self): return "bar" # In template .. snippet:: :filename: template.html {{ task.foo }} Because Django intentionally limits the amount of logic processing available Loading
