Re: [Cheetahtemplate-discuss] HtmltextFilter and htmltext
Brought to you by:
rtyler,
tavis_rudd
From: Shannon -jj B. <jj...@gm...> - 2005-08-24 23:15:30
|
Instead of trying to treat this as *just* a simple filter, it should probably be treated as a Cheetah compiler option. This will allow you greater leverage to handle htmltext wherever you need to handle it. Best Regards, -jj On 8/24/05, ms...@oz... <ms...@oz...> wrote: > Recently we discussed HtmltextFilter, my strategy outlined in > http://linuxgazette.net/117/orr.html > for a smarter WebSafeFilter. It escapes HTML characters in arbitrary > placeholder values but not in htmltext instances, which are assumed to be > preapproved. >=20 > JJ suggested incorporating this into Cheetah, and pointed out that #def > methods would have to return htmltext or they would be escaped. I've bee= n > using HtmltextFilter in a project and just got bitten by this. My > workaround was to convert the function to Python returning htmltext and > put it in the searchList, but this loses access to a major Cheetah > feature. One could reset the filter to the default before each call and > then set it back, but that's too cluttery to consider. >=20 > The only way around this is to put _py_htmltext.py and _c_htmltext.c into > Cheetah, alter #def, and add HtmltextFilter. Tavis, have you had a chanc= e > to look at htmltext and see if you like it? >=20 > Cheetah doesn't have a problem using htmltext values. If the value gets > passed to a Python function, it could raise a fuss. We'd also have to > decide which type the final filled template would be. Since so many > people use str(t) to fill their templates, we should probably stick with > that. People can use htmltext(t) easily enough. >=20 > I haven't used unicode, but people say htmltext handles it OK. --=20 I have decided to switch to Gmail, but messages to my Yahoo account will still get through. |