xml escapedness

Tim van der Leeuw tnleeuw at gmail.com
Fri Feb 22 11:25:51 EST 2008


On Fri, Feb 22, 2008 at 5:17 PM, Robin Becker <robin at reportlab.com> wrote:

> A colleague has decided to keep his django database string values (which are xml
> fragments) in an xml escaped form to avoid having the problem of escaping them
> when they are used in templates etc etc.
>
> Unfortunately he found that the normal admin doesn't escape on the way through
> so thought of adding a standard mechanism to the save methods. However, this
> brings in the possibility of escaping twice ie once in his original capture code
> and then in the django save methods.
>

Well -- you escape them in the save() method only when they contain XML
characters like <, > ? How about that, wouldn't that work?

--Tim


>
> I suggested he could use a subclass of str to represent escaped strings and an
> escape function which leaves the subclass instances alone so
>
> class xmlstr(str):
>      pass
>
> from xml.sax.saxutils import escape
> def xmlEscape(s):
>     if isinstance(s,xmlstr): return s
>     return xmlstr(escape(s))
>
> this works up to a point, but anything which modifies the string reverts to the
> base class (as it probably should).
>
> type(xmlstr('<') + '') is str
>
> clearly there are a large number of operations which should be overridden or
> just hidden to prevent the wrong outcome; has anyone else thought about this in
> any detail?
> --
> Robin Becker
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>
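The marker-subclass idea from the quoted message, carried one step further as an added example (not code from either poster): the operations most often used to build markup are overridden so the result keeps its marker and unmarked operands are escaped exactly once. The names `XmlStr`, `xml_escape` and `sniff_escape` are assumptions made for this sketch, written for Python 3; `sniff_escape` models the "escape only when it contains < or >" check for comparison.

```python
from xml.sax.saxutils import escape


def xml_escape(value):
    """Escape exactly once: values already marked XmlStr pass through."""
    if isinstance(value, XmlStr):
        return value
    return XmlStr(escape(value))


class XmlStr(str):
    """Marker type (hypothetical name) for text that is already XML-escaped."""

    def __add__(self, other):
        # Unmarked operands are escaped, so the result is still safe.
        return XmlStr(str.__add__(self, xml_escape(other)))

    def __radd__(self, other):
        # Handles plain_str + XmlStr, where str itself has no __radd__.
        return XmlStr(str.__add__(xml_escape(other), self))

    def __mod__(self, args):
        # Escape interpolated strings; leave numbers alone for %d and friends.
        def fix(a):
            return xml_escape(a) if isinstance(a, str) else a
        if isinstance(args, tuple):
            args = tuple(fix(a) for a in args)
        elif isinstance(args, dict):
            args = {k: fix(v) for k, v in args.items()}
        else:
            args = fix(args)
        return XmlStr(str.__mod__(self, args))

    def join(self, parts):
        return XmlStr(str.join(self, [xml_escape(p) for p in parts]))


def sniff_escape(s):
    """Content-sniffing alternative: escape only if '<' or '>' is present."""
    return escape(s) if ("<" in s or ">" in s) else s
```

Methods that are not overridden (`upper()`, slicing, `replace()` and so on) still return plain `str`, so a later `xml_escape` call escapes that text a second time rather than letting it through unescaped. The sniffing variant leaves a raw string such as `AT&T` untouched, because an ampersand alone does not trigger it.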