Use autoescape in blog demo.

2013-03-03 12:09:29 -05:00 · 2013-03-03 12:09:29 -05:00 · 17ec459c85
parent 9876ede0f2
commit 17ec459c85
7 changed files with 15 additions and 16 deletions
--- a/demos/blog/blog.py
+++ b/demos/blog/blog.py
@ -53,7 +53,7 @@ class Application(tornado.web.Application):
            xsrf_cookies=True,
            cookie_secret="__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__",
            login_url="/auth/login",
-            autoescape=None,
+            debug=True,
        )
        tornado.web.Application.__init__(self, handlers, **settings)

--- a/demos/blog/templates/archive.html
+++ b/demos/blog/templates/archive.html
@ -23,7 +23,7 @@
  <ul class="archive">
    {% for entry in entries %}
      <li>
-        <div class="title"><a href="/entry/{{ entry.slug }}">{{ escape(entry.title) }}</a></div>
+        <div class="title"><a href="/entry/{{ entry.slug }}">{{ entry.title }}</a></div>
        <div class="date">{{ locale.format_date(entry.published, full_format=True, shorter=True) }}</div>
      </li>
    {% end %}
--- a/demos/blog/templates/compose.html
+++ b/demos/blog/templates/compose.html
@ -2,8 +2,8 @@

 {% block body %}
  <form action="{{ request.path }}" method="post" class="compose">
-    <div style="margin-bottom:5px"><input name="title" type="text" class="title" value="{{ escape(entry.title) if entry else "" }}"/></div>
-    <div style="margin-bottom:5px"><textarea name="markdown" rows="30" cols="40" class="markdown">{{ escape(entry.markdown) if entry else "" }}</textarea></div>
+    <div style="margin-bottom:5px"><input name="title" type="text" class="title" value="{{ entry.title if entry else "" }}"/></div>
+    <div style="margin-bottom:5px"><textarea name="markdown" rows="30" cols="40" class="markdown">{{ entry.markdown if entry else "" }}</textarea></div>
    <div>
      <div style="float:right"><a href="http://daringfireball.net/projects/markdown/syntax">{{ _("Syntax documentation") }}</a></div>
      <input type="submit" value="{{ _("Save changes") if entry else _("Publish post") }}" class="submit"/>
@ -12,7 +12,7 @@
    {% if entry %}
      <input type="hidden" name="id" value="{{ entry.id }}"/>
    {% end %}
-    {{ xsrf_form_html() }}
+    {% module xsrf_form_html() %}
  </form>
 {% end %}

@ -39,4 +39,3 @@
  //]]>
  </script>
 {% end %}
-
--- a/demos/blog/templates/entry.html
+++ b/demos/blog/templates/entry.html
@ -1,5 +1,5 @@
 {% extends "base.html" %}

 {% block body %}
-  {{ modules.Entry(entry) }}
+  {% module Entry(entry) %}
 {% end %}
--- a/demos/blog/templates/feed.xml
+++ b/demos/blog/templates/feed.xml
@ -1,25 +1,25 @@
 <?xml version="1.0" encoding="utf-8"?>
 <feed xmlns="http://www.w3.org/2005/Atom">
  {% set date_format = "%Y-%m-%dT%H:%M:%SZ" %}
-  <title>{{ escape(handler.settings["blog_title"]) }}</title>
+  <title>{{ handler.settings["blog_title"] }}</title>
  {% if len(entries) > 0 %}
    <updated>{{ max(e.updated for e in entries).strftime(date_format) }}</updated>
  {% else %}
    <updated>{{ datetime.datetime.utcnow().strftime(date_format) }}</updated>
  {% end %}
  <id>http://{{ request.host }}/</id>
-  <link rel="alternate" href="http://{{ request.host }}/" title="{{ escape(handler.settings["blog_title"]) }}" type="text/html"/>
-  <link rel="self" href="{{ request.full_url() }}" title="{{ escape(handler.settings["blog_title"]) }}" type="application/atom+xml"/>
-  <author><name>{{ escape(handler.settings["blog_title"]) }}</name></author>
+  <link rel="alternate" href="http://{{ request.host }}/" title="{{ handler.settings["blog_title"] }}" type="text/html"/>
+  <link rel="self" href="{{ request.full_url() }}" title="{{ handler.settings["blog_title"] }}" type="application/atom+xml"/>
+  <author><name>{{ handler.settings["blog_title"] }}</name></author>
  {% for entry in entries %}
    <entry>
      <id>http://{{ request.host }}/entry/{{ entry.slug }}</id>
-      <title type="text">{{ escape(entry.title) }}</title>
+      <title type="text">{{ entry.title }}</title>
      <link href="http://{{ request.host }}/entry/{{ entry.slug }}" rel="alternate" type="text/html"/>
      <updated>{{ entry.updated.strftime(date_format) }}</updated>
      <published>{{ entry.published.strftime(date_format) }}</published>
      <content type="xhtml" xml:base="http://{{ request.host }}/">
-        <div xmlns="http://www.w3.org/1999/xhtml">{{ entry.html }}</div>
+        <div xmlns="http://www.w3.org/1999/xhtml">{% raw entry.html %}</div>
      </content>
    </entry>
  {% end %}
--- a/demos/blog/templates/home.html
+++ b/demos/blog/templates/home.html
@ -2,7 +2,7 @@

 {% block body %}
  {% for entry in entries %}
-    {{ modules.Entry(entry) }}
+    {% module Entry(entry) %}
  {% end %}
  <div><a href="/archive">{{ _("Archive") }}</a></div>
 {% end %}
--- a/demos/blog/templates/modules/entry.html
+++ b/demos/blog/templates/modules/entry.html
@ -1,7 +1,7 @@
 <div class="entry">
-  <h1><a href="/entry/{{ entry.slug }}">{{ escape(entry.title) }}</a></h1>
+  <h1><a href="/entry/{{ entry.slug }}">{{ entry.title }}</a></h1>
  <div class="date">{{ locale.format_date(entry.published, full_format=True, shorter=True) }}</div>
-  <div class="body">{{ entry.html }}</div>
+  <div class="body">{% raw entry.html %}</div>
  {% if current_user %}
    <div class="admin"><a href="/compose?id={{ entry.id }}">{{ _("Edit this post") }}</a></div>
  {% end %}