On 5/5/07, Qiangning Hong <[EMAIL PROTECTED]> wrote:
> I'm porting from genshi to mako for my blog application, and found two
> important features lacking in mako:
>
> 1. auto html escaping. I must escape explicitly in mako to avoid XSS
> attacks. It's error-prone, but I can live with that.
> 2. auto close open tags in HTML. In genshi, HTML() function will
> close open tags automatically. e.g. HTML('<i>asdf') will produce
> '<i>asdf</i>'. It can keep users' input from messing up the page
> layout; that's very important for a system allowing users to input
> html directly.
>
> Is there an equivalent in mako?

Genshi has a real advantage in this situation because of how it does things:

* It knows whether the HTML was typed in explicitly in the template or
  whether it came from a variable containing user data. Hence, it can
  be smart about escaping by default. This is one of my favorite
  features of Genshi.

* Genshi really understands HTML and XML, so it can do a better job
  treating it intelligently.

This added intelligence is part of the reason Genshi is slower than
Mako. I think Mike's advice of mixing and matching makes some sense.

Happy Hacking,
-jj
--
http://jjinux.blogspot.com/
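
The tag-closing behaviour asked about in this thread (HTML('<i>asdf') yielding '<i>asdf</i>'), as an added example that is not from the thread and is not Genshi's or Mako's code: a standard-library Python filter that escapes all text, keeps only an allowlist of tags, and closes whatever is left open. `ALLOWED`, `Balancer` and `balance_html` are names made up for this example, and the allowlist contents are an assumption.

```python
# Added example (not from the thread): stdlib only, no Mako or Genshi needed.
from html import escape
from html.parser import HTMLParser

ALLOWED = {"b", "i", "em", "strong", "p", "blockquote", "code"}  # assumed allowlist


class Balancer(HTMLParser):
    """Re-emit user HTML with only allowlisted tags, properly nested and closed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open = []  # stack of allowlisted tags that are currently open

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED:
            self.out.append(f"<{tag}>")  # attributes are dropped entirely
            self.open.append(tag)
        # any other tag is dropped; the text inside it is still escaped below

    def handle_endtag(self, tag):
        if tag in self.open:  # stray closers are ignored
            while self.open:
                top = self.open.pop()
                self.out.append(f"</{top}>")  # close inner tags first
                if top == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data))  # text never reaches the page unescaped


def balance_html(fragment):
    """Return fragment with disallowed markup removed and open tags closed."""
    parser = Balancer()
    parser.feed(fragment)
    parser.close()  # flushes any buffered text
    while parser.open:
        parser.out.append(f"</{parser.open.pop()}>")
    return "".join(parser.out)


if __name__ == "__main__":
    for sample in ("<i>asdf", "<b><i>x</b>y", '<div onclick="x">a & b</div>'):
        print(repr(sample), "->", repr(balance_html(sample)))
```

In a Mako template the filtered string would be emitted with the `n` filter so it is not escaped a second time, while every other expression keeps `h`.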