2009/8/21 "Martin v. Löwis" <[email protected]>: >> FWIW lxml.html is pretty convenient to remove any dangerous tag, it's >> a one-liner >> that will get rid of any <form> <script> <embed> etc.. > > Hmm. Is there a library whose *explicit* purpose is to create "safe" > HTML. I would be hesitating to implement it myself.
Well, that's *one* of the explicit goal of lxml.html, see http://codespeak.net/lxml/lxmlhtml.html#cleaning-up-html I used to do it myself using SGMLParser (based on the well known active state recipe), then I discovered this one, which do the work fine. >> The reStructuredText format is an implicit rule from pypi and trying an >> rst2html process on server side, no matter what long_description contains, >> seem like a bad practice to me. > > I think it's not too bad. Since the long_description is either plain > text or ReST, the cost of misinterpretation is really low - ReST may > get mis-rendered as preformatted plain text, in which case it will > remain readable still. > Sure we can live with it, > [..] > > That could be done, either way, IMO. It might also be useful to have a > distutils command that generates a pypi-like page, so that people can > preview the rendered description. yes that's basically : $ python setup.py --long-description | rst2html.py > preview.html Maybe that could be a '--preview' option to the existing "register" command, to create that preview, to avoid adding an extra command for such a specific need Regards Tarek -- Tarek Ziadé | http://ziade.org _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
