Filing a doc bug vs. Zola/Tera


The documentation for the Tera template engine should follow the example of its Python twin Jinja and explain the " | safe" filter in the context of autoescaping, so that new adopters are not confused about why internally configured URL references like {{ config.base_url }} come out needlessly escaped.

Tera Autoescaping: https://tera.netlify.app/docs/#auto-escaping

Jinja Autoescaping and "safe" in context: https://jinja.palletsprojects.com/en/3.1.x/templates/#working-with-automatic-escaping

If you know you have data that is already safe but not marked, be sure to wrap it in Markup or use the |safe filter.

Jinja functions (macros, super, self.BLOCKNAME) always return template data that is marked as safe.

New adopter unaware of |safe: https://zola.discourse.group/t/adding-canonical-links-to-pages/1495

Resulting issue: GitHub: Keats/tera/issues/849
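Why the URL gets mangled, as an added example that is not Tera's or Zola's own code: a std-only Rust model of autoescaping with a "safe" opt-out. The escape set is assumed to be the six-character OWASP rule (& < > " ' /) that Tera's docs point to; render, sample_ctx and the sample values are hypothetical. It also shows why the filter belongs on owner-controlled values like config.base_url and not on visitor-supplied text.

```rust
use std::collections::HashMap;

// Model of the OWASP HTML-escaping rule that Tera's docs cite; '/' is in the set.
fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            '/' => out.push_str("&#x2F;"),
            _ => out.push(c),
        }
    }
    out
}

// Hypothetical toy renderer: handles only `{{ name }}` and `{{ name | safe }}`.
fn render(template: &str, ctx: &HashMap<&str, &str>) -> String {
    let (mut out, mut rest) = (String::new(), template);
    while let Some((before, after)) = rest.split_once("{{") {
        let (tag, tail) = match after.split_once("}}") {
            Some(pair) => pair,
            None => break, // unterminated tag: emit the remainder verbatim
        };
        out.push_str(before);
        let mut parts = tag.split('|').map(str::trim);
        let value = ctx.get(parts.next().unwrap_or("")).copied().unwrap_or("");
        let text = if parts.any(|f| f == "safe") { value.to_string() } else { escape_html(value) };
        out.push_str(&text);
        rest = tail;
    }
    out.push_str(rest);
    out
}

// Constructed sample values: one set by the site owner, one typed by a visitor.
fn sample_ctx() -> HashMap<&'static str, &'static str> {
    HashMap::from([("config.base_url", "https://example.com"),
                   ("comment", "<script>alert(1)</script>")])
}

fn main() {
    let ctx = sample_ctx();
    println!("{}", render(r#"<link rel="canonical" href="{{ config.base_url }}">"#, &ctx));
    println!("{}", render(r#"<link rel="canonical" href="{{ config.base_url | safe }}">"#, &ctx));
    println!("{}", render("<p>{{ comment }}</p>", &ctx));
}
```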

Today I Learned

Also see TIL OWASP Cheatsheets for material related to autoescaping and more security goodies.

