[Cheetahtemplate-discuss] ReplaceNone vs WebSafe
I'm working on some cheetah templates with web.py, and am stumbling on
a couple of problems with Filters filtering the output of #def
functions and #if statements. Here's the run-down:
The default filter web.py uses for Cheetah is WebSafe. AFAICS, that's
supposed to filter strings from placeholders, (like $name or
$unsafeString), so that the output is html-friendly. That makes sense
to me, because that data could come from anywhere.
What doesn't make sense is that it's also filtering the output of
#def's and #if's. Considering #def's and #if's are hard-coded into the
template (not produced from user input), I would think that they
contain safe data. However, if I define a #def such as this:
and I call $para('xyz'), it prints <p>xyz</> out to the
response, so that when you view the page in a browser, you see the
actual HTML code, rather than a paragraph of text.
The same thing with #if ... then .. #, for example, in a <select>
<option value='xyz'#if $input.sel == 'xyz' then "selected='yep'"
it prints out to the response [...] <option [...]
selected='yep&39;> [...]. As opposed to <option [...]
selected='yep'>, which is what I actually want.
This doesn't seem right to me. The obvious way around it is to use
#filter ReplaceNone [...] #end filter, whenever I call a #def or use
#if. But that gets *super* ugly, and it seems to defeat the purpose of
having a nice tidy #def in the first place.
Is there something wrong with my setup? Is this what's meant to
happen? Is there a better way around it?
Ben Hoyt, +64 21 331 841
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
Cheetahtemplate-discuss mailing list