Mercurial > genshi > mirror

diff doc/templates.txt @ 545:619340e2d805 trunk

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Support for Python code blocks in templates can now be disabled. Closes #123.
author cmlenz
date Thu, 28 Jun 2007 23:00:24 +0000
parents 1bdccd3bda00
children 1da8de3e5e51 acf7c5ee36e7
line wrap: on
line diff
--- a/doc/templates.txt
+++ b/doc/templates.txt
@@ -240,6 +240,14 @@
 design. If you're using many code blocks, that may be a sign that you should
 move such code into separate Python modules.
 
+If you'd rather not allow the use of Python code blocks in templates, you can
+simply set the ``allow_exec`` parameter (available on the ``Template`` and the
+``TemplateLoader`` initializers) to ``False``. In that case Genshi will raise
+a syntax error when a ``<?python ?>`` processing instruction is encountered.
+But please note that disallowing code blocks in templates does not turn Genshi
+into a sandboxable template engine; there are sufficient ways to do harm even
+using plain expressions.
+
 .. note:: Code blocks are not currently supported in text templates.
Copyright (C) 2012-2017 Edgewall Software