Added 'Safety and security' section to docs/design_philosophies.txt

git-svn-id: http://code.djangoproject.com/svn/django/trunk@1218 bcc190cf-cafb-0310-a4f2-bffc1f526a37

1 files changed, 17 insertions, 2 deletions

diff --git a/docs/design_philosophies.txt b/docs/design_philosophies.txt
index 2988672f02..89a537da17 100644
--- a/docs/design_philosophies.txt
+++ b/docs/design_philosophies.txt
@@ -175,7 +175,9 @@ a common header, footer, navigation bar, etc. The Django template system should
 make it easy to store those elements in a single place, eliminating duplicate
 code.
 
-This is the philosophy behind template inheritance.
+This is the philosophy behind `template inheritance`_.
+
+.. _template inheritance: http://www.djangoproject.com/documentation/templates/#template-inheritance
 
 Be decoupled from HTML
 ----------------------
@@ -197,7 +199,8 @@ Treat whitespace obviously
 
 The template system shouldn't do magic things with whitespace. If a template
 includes whitespace, the system should treat the whitespace as it treats text
--- just display it.
+-- just display it. Any whitespace that's not in a template tag should be
+displayed.
 
 Don't invent a programming language
 -----------------------------------
@@ -211,6 +214,18 @@ The goal is not to invent a programming language. The goal is to offer just
 enough programming-esque functionality, such as branching and looping, that is
 essential for making presentation-related decisions.
 
+The Django template system recognizes that templates are most often written by
+*designers*, not *programmers*, and therefore should not assume Python
+knowledge.
+
+Safety and security
+-------------------
+
+The template system, out of the box, should forbid the inclusion of malicious
+code -- such as commands that delete database records.
+
+This is another reason the template system doesn't allow arbitrary Python code.
+
 Extensibility
 -------------