On Sun, Sep 27, 2009 at 8:18 AM, Chris <[email protected]> wrote: > > I see. Thanks for the info about __html__. > >> I didn't know WebOb itself also did it. > It only seems to do it on an HTTP Redirection. In webob.exc, > _make_body(self, environ, escape) it loops over environ, calling > escape on any values. (i'm still not exactly sure why).
If it's displaying the environment in an error message, it has to escape it to avoid security vulnerabilities. Otherwise a cracker can force an exception and put malicious Javascript in the query string (which would be displayed as part of the environment). >> Or is it just returning something for all .__getattr__ calls >> regardless of value? > > pymongo.database instance always returns a collection object, > regardless of the attr name. The collection object is not callable, > (well actually it defines __call__, but its implementation throws an > exception immediately on purpose). The pymongo database __getattr__ > looks like this > > # in pymongo database > def __getattr__(self, name): > return Collection(self.db, name) > > > Ok, good to know about the callable deprecation. It looks like I may > just subclass pymongo.database and override its __getattr__ to check > for __html__. That doesn't feel very clean, but it'll work. It sounds like the best solution. Sometimes you have to make kludges like this when two unrelated libraries make contradictory assumptions. Fortunately pymongo.database is overridable. Why does pymongo.database return a useless value for unknown attributes? Perhaps this is a bug in PyMongo. I'm not sure what ``Collection(self.db, name)`` means, but if a property is not specifically defined it should raise AttributeError. Otherwise it will throw off not only WebOb but all analysis/introspection tools. -- Mike Orr <[email protected]> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
