Diffstat (limited to 'CHANGES.txt')
| -rw-r--r-- | CHANGES.txt | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index a2976d1a2..c58ff755b 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -37,6 +37,8 @@ Documentation - Added "What's New in Pyramid 1.1" to HTML rendering of documentation. +- Added API docs for ``pyramid.authentication.SessionAuthenticationPolicy``. + - Added API docs for ``pyramid.httpexceptions.responsecode``. - Added "HTTP Exceptions" section to Views narrative chapter including a @@ -45,6 +47,16 @@ Documentation Features -------- +- Add support for language fallbacks: when trying to translate for a + specific territory (such as ``en_GB``) fall back to translations + for the language (ie ``en``). This brings the translation behaviour in line + with GNU gettext and fixes partially translated texts when using C + extensions. + +- New authentication policy: + ``pyramid.authentication.SessionAuthenticationPolicy``, which uses a session + to store credentials. + - Accessing the ``response`` attribute of a ``pyramid.request.Request`` object (e.g. ``request.response`` within a view) now produces a new ``pyramid.response.Response`` object. This feature is meant to be used @@ -285,6 +297,13 @@ Deprecations Behavior Changes ---------------- +- The default Mako renderer is now configured to escape all HTML in + expression tags. This is intended to help prevent XSS attacks caused by + rendering unsanitized input from users. To revert this behavior in user's + templates, they need to filter the expression through the 'n' filter. + For example, ${ myhtml | n }. + See https://github.com/Pylons/pyramid/issues/193. + - A custom request factory is now required to return a request object that has a ``response`` attribute (or "reified"/lazy property) if they the request is meant to be used in a view that uses a renderer. This |
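Review bot: In the Features hunk (@@ -45,6 +47,16 @@), the ``SessionAuthenticationPolicy`` entry says the policy "uses a session to store credentials" but does not say what "credentials" means here. A reader deciding whether to adopt the policy needs to know what ends up in the session, so name it or point to the API docs that the Documentation hunk of this same patch announces. Two style points in the language-fallback entry above it: "(ie ``en``)" should read "(i.e. ``en``)", and "behaviour" is spelled "behavior" in the Behavior Changes hunk of this patch, so pick one spelling for the file.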
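Review bot: In the Behavior Changes hunk (@@ -285,6 +297,13 @@), the Mako entry does not state the consequence for existing templates: any expression tag that already outputs intended markup will now render escaped until the ``n`` filter is added. Suggest saying that directly, and noting that ``n`` switches escaping off for that one expression, so it should be applied only to values that are already safe HTML, since the entry itself gives XSS from unsanitized user input as the reason for the change. On wording, "To revert this behavior in user's templates, they need to filter the expression" would read more clearly as "To opt out for a single expression, filter it through the ``n`` filter". The literals 'n' and ${ myhtml | n } should also be in double backticks like the other literals in this file.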
