On 7/6/07, Mike Orr <[EMAIL PROTECTED]> wrote:
> A well-formed template doesn't necessarily mean the output is
> well-formed, especially if HTML markup is inserted via placeholder
> variables. Sometimes the source is legacy data or outside your
> control.

I'm not sure you are right on this. As far as I understand, if you
use HTML(foo) in Genshi, it'll convert that to a markup stream. When
you use it in py:replace, py:content, or ${}, you'll convert the
non-well-formed HTML to the output format (i.e., XHTML, HTML4, &c.)
specified in the template engine.

Besides a problem I'm having (which I haven't even tried to fix) of
the <link> tags that TurboGears Widgets inserts into the page not
having "/ >" at the end, that's been the way it's behaved.

Personally, I think that using text-based templates just opens up too
many problems around cross-site scripting and broken HTML because
people forget to escape their data properly every single time. I
think an explicit "this data should be displayed as HTML" is better
than an explicit "this data is already HTML encoded". But, hey, I'm
not about to try to fight anyone about it or whether we should change
from Mako, so long as it is easy for me to use Genshi properly.

If anything, Mako best matches what people are used to. It keeps
people more comfortable. Which is probably a good idea while they
learn the stuff that doesn't match what they're used to. And, well,
people who think they're good enough to remember to encode their data
every time aren't going to take kindly to telling them that using an
XML-based system is better for newbies.

Neil
--
Neil Blakey-Milner
http://nxsy.org/
[EMAIL PROTECTED]
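
Added example, not part of the original message and not Genshi or Mako code: a standard-library sketch of the two models the message contrasts, one where values are pasted into the template verbatim and one where values are escaped unless explicitly marked as HTML. The names `Markup`, `render_text` and `render_escaping` are hypothetical, and the inputs are constructed samples.

```python
import html
import re


class Markup(str):
    """Explicit "this data should be displayed as HTML" marker (hypothetical type)."""


_PLACEHOLDER = re.compile(r"\$\{(\w+)\}")


def render_text(template, **values):
    """Text-template model: values are pasted in verbatim; escaping is the caller's job."""
    return _PLACEHOLDER.sub(lambda m: str(values[m.group(1)]), template)


def render_escaping(template, **values):
    """Escape-by-default model: only values wrapped in Markup pass through as HTML."""
    def substitute(match):
        value = values[match.group(1)]
        if isinstance(value, Markup):
            return str(value)
        return html.escape(str(value), quote=True)
    return _PLACEHOLDER.sub(substitute, template)


TEMPLATE = "<p>${comment}</p>"
UNTRUSTED = "<script>alert(1)</script>"  # constructed sample of user-supplied data
TRUSTED = Markup("<em>reviewed</em>")    # constructed sample of vetted markup


def demo():
    pre_escaped = html.escape(UNTRUSTED)
    return {
        # Forgetting to escape in the text model: the script tag reaches the page.
        "text_forgot_escape": render_text(TEMPLATE, comment=UNTRUSTED),
        # Remembering to escape in the text model: safe, but only by discipline.
        "text_remembered": render_text(TEMPLATE, comment=pre_escaped),
        # Escape-by-default: safe with no action from the caller.
        "escaping_default": render_escaping(TEMPLATE, comment=UNTRUSTED),
        # Escape-by-default with already-escaped data: double-encoded, ugly but inert.
        "escaping_double": render_escaping(TEMPLATE, comment=pre_escaped),
        # Markup that is meant to render as HTML has to be marked explicitly.
        "escaping_marked_html": render_escaping(TEMPLATE, comment=TRUSTED),
    }


if __name__ == "__main__":
    for name, output in demo().items():
        print(f"{name:22} {output}")
```

A mistake in the escape-by-default model shows up as visibly double-encoded text, while the same kind of mistake in the text model emits live markup.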