Restrict Django Templates From Deleting Data.

Django allows method calls inside template system. Though this is an useful feature, some of the methods will have side effects. Mostly the ones that alter data.
Say, for instance, you have a UserAccount object that has a delete() method. If a template includes something like {{ account.delete }}, where account is a UserAccount object, the object would be deleted when the template is rendered!

To prevent this, set the function attribute alters_data on the method:

def delete(self):
# Delete the account
delete.alters_data = True

The template system won’t execute any method marked in this way. Continuing the above example, if a template includes {{ account.delete }} and the delete() method has the alters_data=True, then the delete() method will not be executed when the template is rendered. Instead, it will fail silently.

One Reply to “Restrict Django Templates From Deleting Data.”

Leave a Reply

Your email address will not be published. Required fields are marked *