> FWIW lxml.html is pretty convenient to remove any dangerous tag, it's > a one-liner > that will get rid of any <form> <script> <embed> etc..
Hmm. Is there a library whose *explicit* purpose is to create "safe" HTML. I would be hesitating to implement it myself. > The reStructuredText format is an implicit rule from pypi and trying an > rst2html process on server side, no matter what long_description contains, > seem like a bad practice to me. I think it's not too bad. Since the long_description is either plain text or ReST, the cost of misinterpretation is really low - ReST may get mis-rendered as preformatted plain text, in which case it will remain readable still. > I'd like to see the nature of long_description explicitely declared in > the metadata > > For example we could have a "long_description_format" field that would > be 'text', 'html' or 'restructuredtext' Sounds fairly complex to me. I think I could accept it - but if html is removed from the list of allowed formats (which I think it should), then I don't think this this overhead is really needed. > Last, notice that there's a new command in distutils called "check" , > that can be used > to check if the long_description field content compiles well in > reStructuredText > This client-side process is convenient to avoid any error or warning > on the PyPI page. That could be done, either way, IMO. It might also be useful to have a distutils command that generates a pypi-like page, so that people can preview the rendered description. Regards, Martin _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
