author | Adrian Holovaty <adrian@holovaty.com> | 2005-11-13 22:59:51 +0000 |
---|---|---|
committer | Adrian Holovaty <adrian@holovaty.com> | 2005-11-13 22:59:51 +0000 |
commit | e70be1181444a8a364feeaf27a79dcc8effc3171 (patch) | |
tree | 1d7744abe3ec1603ad4ff7a42d7904a5af977ca1 | |
parent | fdf2738f0efe108152fb5812fb04d0ae79f39ca8 (diff) | |
Added 'Safety and security' section to docs/design_philosophies.txt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r-- | docs/design_philosophies.txt | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/docs/design_philosophies.txt b/docs/design_philosophies.txt index 2988672f02..89a537da17 100644 --- a/docs/design_philosophies.txt +++ b/docs/design_philosophies.txt @@ -175,7 +175,9 @@ a common header, footer, navigation bar, etc. The Django template system should make it easy to store those elements in a single place, eliminating duplicate code. -This is the philosophy behind template inheritance. +This is the philosophy behind `template inheritance`_. + +.. _template inheritance: http://www.djangoproject.com/documentation/templates/#template-inheritance Be decoupled from HTML ---------------------- @@ -197,7 +199,8 @@ Treat whitespace obviously The template system shouldn't do magic things with whitespace. If a template includes whitespace, the system should treat the whitespace as it treats text --- just display it. +-- just display it. Any whitespace that's not in a template tag should be +displayed. Don't invent a programming language ----------------------------------- @@ -211,6 +214,18 @@ The goal is not to invent a programming language. The goal is to offer just enough programming-esque functionality, such as branching and looping, that is essential for making presentation-related decisions. +The Django template system recognizes that templates are most often written by +*designers*, not *programmers*, and therefore should not assume Python +knowledge. + +Safety and security +------------------- + +The template system, out of the box, should forbid the inclusion of malicious +code -- such as commands that delete database records. + +This is another reason the template system doesn't allow arbitrary Python code. + Extensibility ------------- |
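Review bot: The link target added in the first hunk (@@ -175,7 +175,9 @@) is an absolute URL with a fragment, `http://www.djangoproject.com/documentation/templates/#template-inheritance`, so the reference breaks silently if that page or its anchor is ever renamed. If the docs have a way to refer to another document by name, prefer that here. Separately, the commit message mentions only the 'Safety and security' section, while this hunk and the whitespace hunk are unrelated doc edits; either mention them in the message or commit them separately.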
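Review bot: The sentence added in the second hunk (@@ -197,7 +199,8 @@), "Any whitespace that's not in a template tag should be displayed", largely restates "just display it" and leaves the inverse case unstated: what happens to whitespace inside a template tag. Suggest saying that directly, in one sentence, so the rule covers both cases instead of implying one of them.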
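Review bot: In the new "Safety and security" section of the third hunk (@@ -211,6 +214,18 @@), the guarantee is stated only through one example, "commands that delete database records", and the text does not say who is being constrained or what "malicious code" covers. The paragraph added just above it says templates are most often written by designers, not programmers, so suggest stating explicitly that template authors are the party whose input is restricted, and that the restriction is on what template syntax can express. "Out of the box" also implies the default can be changed; since the Extensibility section follows immediately, one sentence on whether extensions fall outside this guarantee would remove the ambiguity.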