Loading ...
Sorry, an error occurred while loading the content.

Re: [Cheetahtemplate-discuss] Cheetah's Filtering

Expand Messages
  • andrea@cpushare.com
    ... Looks like a bug. I run in another WebSafe filtering problem with that may not be a bug but it s certainly not a feature either. The #include directive
    Message 1 of 2 , Jan 2, 2007
    • 0 Attachment
      On Tue, Nov 07, 2006 at 03:47:00PM -0000, Brian Bird wrote:
      > from Cheetah import Template
      >
      > source = """
      >
      > #def func(x)
      >
      > $x
      >
      > #end def
      >
      > $func("a&b")
      >
      > """
      >
      > t = Template.Template(source=source, filter="WebSafe")
      >
      > print t
      >
      >
      >
      > The output is
      >
      > a&b
      >
      >
      >
      > when I would have expected:
      >
      > a&b

      Looks like a bug.

      I run in another WebSafe filtering problem with that may not be a bug
      but it's certainly not a feature either.

      The #include directive resets the filter back to the default. So this
      means you're not really safe by using Template.Template(...,
      filter='WebSafe') if you ever used the #include directive anywhere in
      your code. I thought that loading the template with WebSafe was
      enough and I can't see anything in the docs that warns about the
      included files having to explicitly re-arm the WebSafe filter that
      gets deactivated at every new #include directive.

      Unfortunately what I'm suggesting is a change in backwards
      compatibility so I'm unsure if it's allowed, but I believe this is
      what the filtering API was supposed to be in the first place. The
      current API is asking for troubles (I introduced a bug in my code
      because of the current API that got fixed by applying the below patch
      to Cheetah, so this is a real life trouble... well as much as my
      project is real life in the first place ;). The risk in applying this
      patch is having to add some #filter RawOrEncodedUnicode if you
      depended on this misfeature that made RawOrEncodedUnicode the filter
      of the included files. And yes, I also depended on it in one place but
      I had to add a single #filter RawOrEncodedUnicode while the other
      approach would have required to round all included files (many) with
      #filter WebSafe at the top. If I had to add #filter WebSafe all over
      the place to be safe, then I could give it up with filter='WebSafe'
      completely and only use #filter WebSafe everywhere. It's pointless to
      use filter='WebSafe' if it takes care of only 10% of the templates, I
      prefer to use the same method to arm WebSafe for all templates.

      Here the proposed fix:

      Index: src/Template.py
      ===================================================================
      RCS file: /cvsroot/cheetahtemplate/Cheetah/src/Template.py,v
      retrieving revision 1.182
      diff -u -p -r1.182 Template.py
      --- src/Template.py 6 Jul 2006 23:09:04 -0000 1.182
      +++ src/Template.py 3 Jan 2007 00:24:10 -0000
      @@ -1525,6 +1525,10 @@ class Template(Servlet):
      nestedTemplateClass = compiler.compile(source=source,file=file)
      nestedTemplate = nestedTemplateClass(_preBuiltSearchList=self.searchList(),
      _globalSetVars=self._CHEETAH__globalSetVars)
      + # Set the inner template filters to the initial filter of the outer template:
      + # this is the only really safe way to use filter='WebSafe'.
      + nestedTemplate._CHEETAH__initialFilter = self._CHEETAH__initialFilter
      + nestedTemplate._CHEETAH__currentFilter = self._CHEETAH__initialFilter
      self._CHEETAH__cheetahIncludes[_includeID] = nestedTemplate
      else:
      if includeFrom == 'file':


      To reproduce use:

      echo \$x > y
      echo \#include \"y\" > x

      >>> from Cheetah.Template import Template
      >>> t = Template(file='x', filter='WebSafe')
      >>> t.x = '&'
      >>> t.respond()
      '&\n'



      Comments welcome.

      Thanks!

      -------------------------------------------------------------------------
      Take Surveys. Earn Cash. Influence the Future of IT
      Join SourceForge.net's Techsay panel and you'll get the chance to share your
      opinions on IT & business topics through brief surveys - and earn cash
      http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
      _______________________________________________
      Cheetahtemplate-discuss mailing list
      Cheetahtemplate-discuss@...
      https://lists.sourceforge.net/lists/listinfo/cheetahtemplate-discuss
    Your message has been successfully submitted and would be delivered to recipients shortly.