Loading ...
Sorry, an error occurred while loading the content.
 

Re: [Cheetahtemplate-discuss] Double escaping

Expand Messages
  • Tavis Rudd
    Hi Mike, I personally never use the WebSafe filter so I haven t run into this and haven t thought about it much. However, I suspect a good solution is to have
    Message 1 of 2 , Dec 11, 2007
      Hi Mike,
      I personally never use the WebSafe filter so I haven't run into this and
      haven't thought about it much. However, I suspect a good solution is to
      have the filter return output that is wrapped in a special subclass of str
      that signals to future calls of the filter that it has already been escaped.
      This would require very little code to implement and is certainly a lot
      simpler than messing with VFFSL.
      Tavis

      On Tue, 11 Dec 2007, Mike Wiacek wrote:

      > If you read my original message, the basic idea is that if you have a #def
      > in a template, any placeholders used within the function get passed to the
      > filter, but then the entire result of the function is passed to the filter
      > again. For things like html escaping, this results in <h1> being convered
      > to <h1> which then converts to &lt;h1&gt; which is nonsense
      > and would render at <h1> in the browser.
      >
      > On Dec 11, 2007 12:01 PM, Tavis Rudd <tavis@...> wrote:
      >
      >> Hi Mike,
      >> I'm not sure I follow, but if you have time to code up a patch that
      >> optionally adds this behaviour at template compile time, I'd be happy to
      >> take a look.
      >> Cheers,
      >> Tavis
      >>
      >> On Tue, 11 Dec 2007, Mike Wiacek wrote:
      >>
      >>> (i posted to the mailing list from minighost@gmail, this is my real
      >> email
      >>> account).
      >>>
      >>> So the solution I was playing with in my mind to prevent the double
      >> escaping
      >>> was to modify the NameMapper so that when
      >>> VFFSL returns, it returns a tuple where the first element is actual
      >> string,
      >>> and the second element is some type of identifier
      >>> that we pass to the filter. This way the filter can tell if the
      >>> placeholder was a simple substitution, or a more complex call
      >>> to a template method, if statement, etc.
      >>>
      >>> Does that seem reasonable?
      >>>
      >>> ..mike
      >>>
      >>> --
      >>> Mike Wiacek
      >>>
      >>> "... the people who are crazy enough to think
      >>> they can change the world, are the ones who do."
      >>>
      >>
      >
      >
      >
      > --
      > Mike Wiacek
      >
      > "... the people who are crazy enough to think
      > they can change the world, are the ones who do."
      >

      -------------------------------------------------------------------------
      SF.Net email is sponsored by:
      Check out the new SourceForge.net Marketplace.
      It's the best place to buy or sell services for
      just about anything Open Source.
      http://sourceforge.net/services/buy/index.php
      _______________________________________________
      Cheetahtemplate-discuss mailing list
      Cheetahtemplate-discuss@...
      https://lists.sourceforge.net/lists/listinfo/cheetahtemplate-discuss
    Your message has been successfully submitted and would be delivered to recipients shortly.