diff --git a/docs/ref/forms/widgets.txt b/docs/ref/forms/widgets.txt index 541f43dcb31749197f99c3349454bebdc19229fc..fe5920eee37cef345555b6cdcbf99a95bb62c857 100644 --- a/docs/ref/forms/widgets.txt +++ b/docs/ref/forms/widgets.txt @@ -569,7 +569,7 @@ Selector and checkbox widgets .. code-block:: html <ul> - <li><input type='radio' ...></li> + <li><input type='radio' name='...'></li> ... </ul> @@ -663,7 +663,7 @@ Selector and checkbox widgets .. code-block:: html <ul> - <li><input type='checkbox' ...></li> + <li><input type='checkbox' name='...' ></li> ... </ul> diff --git a/docs/ref/templates/api.txt b/docs/ref/templates/api.txt index a058ee032b6d483d4ad699899eb7baa546e7ca0e..0a50e5e2436f19f320d9480afba5ad4ba131ad4a 100644 --- a/docs/ref/templates/api.txt +++ b/docs/ref/templates/api.txt @@ -320,7 +320,7 @@ If you ``pop()`` too much, it'll raise >>> c.pop() Traceback (most recent call last): ... - django.template.ContextPopException + ContextPopException .. versionadded:: 1.7 diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index 516ddbe1de32f03c6b1b43b37cbef25b456b6603..da860c4bb74bad24c00eac009d70805bd2d6329a 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -108,7 +108,7 @@ Variables included in the cycle will be escaped. You can disable auto-escaping with:: {% for o in some_list %} - <tr class="{% autoescape off %}{% cycle rowvalue1 rowvalue2 %}{% endautoescape %} + <tr class="{% autoescape off %}{% cycle rowvalue1 rowvalue2 %}{% endautoescape %}"> ... </tr> {% endfor %} diff --git a/docs/topics/i18n/translation.txt b/docs/topics/i18n/translation.txt index a60a0a21613f5b2f500a34afdc232ea9059f437b..19ddef9244cd2d0adf5f79ae2b596109e5e59617 100644 --- a/docs/topics/i18n/translation.txt +++ b/docs/topics/i18n/translation.txt @@ -1329,7 +1329,9 @@ For example, if your Django app contained a translation string for the text _("Welcome to my site.") ...then :djadmin:`django-admin makemessages <makemessages>` will have created -a ``.po`` file containing the following snippet -- a message:: +a ``.po`` file containing the following snippet -- a message: + +.. code-block:: po #: path/to/python/module.py:23 msgid "Welcome to my site." diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 3fe20a3cc332737a29bf89433740e67c022377b6..a3e656557b1cf2abd8d479901d26fa9d7d4fa159 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -31,7 +31,7 @@ protect the following: .. code-block:: html+django - <style class={{ var }}>...</style> + <style class="{{ var }}">...</style> If ``var`` is set to ``'class1 onmouseover=javascript:func()'``, this can result in unauthorized JavaScript execution, depending on how the browser renders diff --git a/docs/topics/templates.txt b/docs/topics/templates.txt index e50e7c96f7dc8cf12448c2ef1031436e59a44035..40e1e9e2c77e0162c7e3559928adcd2e3bc1f050 100644 --- a/docs/topics/templates.txt +++ b/docs/topics/templates.txt @@ -549,9 +549,10 @@ disabled. Here is an example template:: The auto-escaping tag passes its effect onto templates that extend the current one as well as templates included via the :ttag:`include` tag, -just like all block tags. For example:: +just like all block tags. For example: - # base.html +.. snippet:: + :filename: base.html {% autoescape off %} <h1>{% block title %}{% endblock %}</h1> @@ -559,18 +560,18 @@ just like all block tags. For example:: {% endblock %} {% endautoescape %} - - # child.html +.. snippet:: + :filename: child.html {% extends "base.html" %} - {% block title %}This & that{% endblock %} + {% block title %}This & that{% endblock %} {% block content %}{{ greeting }}{% endblock %} Because auto-escaping is turned off in the base template, it will also be turned off in the child template, resulting in the following rendered HTML when the ``greeting`` variable contains the string ``<b>Hello!</b>``:: - <h1>This & that</h1> + <h1>This & that</h1> <b>Hello!</b> Notes @@ -606,9 +607,9 @@ This means you would write :: {{ data|default:"3 < 2" }} -...rather than :: +...rather than:: - {{ data|default:"3 < 2" }} <-- Bad! Don't do this. + {{ data|default:"3 < 2" }} {# Bad! Don't do this. #} This doesn't affect what happens to data coming from the variable itself. The variable's contents are still automatically escaped, if necessary, because @@ -638,14 +639,18 @@ of all comments related to the current task with:: {{ task.comment_set.all.count }} And of course you can easily access methods you've explicitly defined on your -own models:: +own models: + +.. snippet:: + :filename: models.py - # In model class Task(models.Model): def foo(self): return "bar" - # In template +.. snippet:: + :filename: template.html + {{ task.foo }} Because Django intentionally limits the amount of logic processing available