From: Ian B. <ia...@co...> - 2001-06-04 19:20:53
|
Tavis Rudd <ta...@ca...> wrote: > To be honest this was never high on my list as I never > use WYSIWYG tools that muck with your sourcecode. I'm > like you and use Emacs for everything. > However, many use nothing but WYSIWYG tools and it's > a worthy goal to give them something usable. Another reason this is a good goal: no one seems to do it. I've seen *very* few template systems that are friendly to WYSIWYG editors. I don't know quite why, except perhaps that, like you, most people designing the template language use text editors. Also, people shouldn't just be able to use WYSIWYG tools, but people who use these should be able to interact well with people who don't. So, while you *can* use explicit terminators instead of newlines, once someone uses newlines the template becomes inaccessible to WYSIWYG users. [snipsnip] > > * Relatively safe to delegate responsibility (kind of > > like Zope). For the most part I trust my users not to do > > anything too bad, but they will make mistakes. They > > should be able to figure out what they've done wrong, and > > they shouldn't have any access to Python code. I > > consider putting their HTML into a different directory > > from code to be sufficient security for the most part. > > That was one of my original goals, but I shifted away from it > upon realizing how complex things can become. The hooks > for code security validation are in place so it is possible to > build it up if anyone is interested in 'safe-delegation' that > guards against malicious stuff. In a declarative syntax, of course, security is assured by definition. I.e., a declarative page doesn't *do* anything, it simply is. Of course, it is hard to mix user code and enforce that the page is functional in this form. I consider it more of an issue of perspective. > > * It really should be usable for non-HTML code, > > specifically form emails. This is where a number of my > > trials have failed. > Trials with what? TS or what you're working on? TS is > designed to be used with an text not just HTML. The > SkeletonPage framework is HTML specific, but SkeletonPage > is not TS. The ZPT-like HTML-based syntax. > > It uses tags like [varname]...[/varname] to define > > structure. The resources title, keywords, description, > > and body are also taken from the HTML. > > What do you mean by "structure"? That the document has, umm... structure. Like it has a title, body, etc., as opposed to being a hunk of text. > > The SitePageServletFactory I posted earlier does just the > > simplest stripping of title, body, keywords, and > > description elements, but has a similar intention. > > Stripping to get rid of them, or stripping to keep this info? Stripping to get the info. Ian |