If its only use is to make injecton safety a bit easier to achieve, it's worth it to me.

Does it make it easier? The “escape” for both is to just use unsafe version of the Template -> string function or explicitly mark an unsafe string as sanitised. Both seem similar in (un)safety

▲

davepeck 6 months ago | parent [-]

> the Template -> string function

There is no such function; Template.__str__() returns Template.__repr__() which is very unlikely to be useful. You pretty much have to process your Template instance in some way before converting to a string.

	▲	ratorx 6 months ago \| parent [-]
		Right, but it is possible to write a template -> string function that doesn’t sanitise and use it (or more realistically use the wrong one). Just as it’s possible to unsafely cast an unsafe string to a sanitised one and use it (rather than use a sanitise function that returns the wrapper type). They are both similar in their unsafety.