On 6 May, 08:22, Qiangning Hong <[EMAIL PROTECTED]> wrote:
> I'm porting from genshi to mako for my blog application, and found two
> important features lacking in mako:
>
> 1. auto html escaping. I must escape explicitly in mako to avoid XSS
> attacks. It's error-prone, but I can live with that.
This could probably be solved by monkeypatching or decorating the
context object (the 'c' magical global var) so that it takes care of
this - I once had a similar use case (with encoding, in SimpleTal)
that I solved this way.
> 2. auto close open tags in HTML. In genshi, the HTML() function will
> close open tags automatically. e.g. HTML('<i>asdf') will produce
> '<i>asdf</i>'. It can keep users' input from messing up the page
> layout, which is very important for a system allowing users to input
> html directly.
This one is more the model's responsibility IMHO - I mean, the model
should tidy the html user input (and not only to avoid unclosed tags...).
My 2 cents...
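
One way to decorate a context object as the reply above suggests, as an added example that is not part of the original message or of Pylons or Mako. `EscapingContext`, `Markup` and `escape_value` are hypothetical names, and `Context` is a constructed stand-in for the real `c` object.

```python
from html import escape


class Markup(str):
    """Marker type: already-safe HTML that must not be escaped again."""


def escape_value(value):
    """HTML-escape strings, recursing into dicts, lists and tuples."""
    if isinstance(value, Markup):       # explicitly trusted, pass through
        return value
    if isinstance(value, bytes):
        value = value.decode("utf-8", "replace")
    if isinstance(value, str):
        # quote=True also escapes " and ', so values are safe in attributes
        return Markup(escape(value, quote=True))
    if isinstance(value, dict):         # keys are left untouched
        return {k: escape_value(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(escape_value(v) for v in value)
    return value                        # numbers, None, other objects


class EscapingContext:
    """Read-only proxy that escapes values on attribute access."""

    def __init__(self, wrapped):
        # Bypass our own __setattr__ so the proxy itself stays read-only.
        object.__setattr__(self, "_wrapped", wrapped)

    def __getattr__(self, name):
        # Only called for names not found on the proxy itself.
        return escape_value(getattr(self._wrapped, name))

    def __setattr__(self, name, value):
        raise AttributeError("set values on the underlying context")


class Context:
    """Constructed stand-in for the template context object."""


if __name__ == "__main__":
    c = Context()
    c.comment = "<script>alert(1)</script>"   # constructed untrusted input
    c.signature = Markup("<b>admin</b>")      # constructed trusted markup
    safe_c = EscapingContext(c)               # hand this to the template
    print(safe_c.comment)
    print(safe_c.signature)
```

This covers HTML text and quoted attribute values only; values written into inline script, CSS or URLs need encoding specific to that context. Attributes of nested objects are returned unescaped, so they still need an explicit escape in the template.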