Sells, Fred wrote:
> I'm using cgi for now, but will need some persistent store and MySQL
> connection pooling. (figured to cross those bridges later)
Titus and I are working on a SQL session store. I have a preliminary
version for MySQL if you need it.
> def _q_index [html] (self):
>     parms = {}
>     parms['next_saturday'] = util.getWeekdayMonthDayYear(util.getNextSaturday())
>     body = _BODY % parms
>     "<html><head><title>"
>     "title is here"
>     '</title>'#<link rel="stylesheet" href="css" type="text/css" />'
>     '</head><body>'
>     htmltext(body)
>     '</body> </html>'
PTL is useful but it can be a pain. It's a tradeoff between the
elegance of PTL and the safety of implicit escaping vs the annoyance of
having to use htmltext() or str() sometimes. In this case, _BODY must
be protected because it's a global variable. It would be better to
htmltext it as early as possible, either at its definition or at its
first appearance in the function. Then the % operator will escape the
parms. Otherwise they can sneak in HTML markup.

Note that 'next_saturday' is htmltext. Sometimes you have to use str()
on dictionary keys to get them to match. Sometimes you have to use
str() on arguments to Python library functions because they insist on a
string.

You can use another template system like Cheetah if you don't like PTL.
http://cheetahtemplate.org/
I have a Cheetah filter that works like htmltext/htmlescape if you need it.

You can skip the PTL syntax and use htmltext and htmlescape directly if
you just want the escaping.
    body = htmltext(_BODY) % parms
Or you can use TemplateIO to get the effect of easy concatenation
without the PTL syntax.
    from quixote.html import TemplateIO
    tio = TemplateIO(html=True)
    tio += first_part         # Will be escaped if not htmltext.
    tio += second_part
    result = tio.getvalue()   # Result is htmltext.
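Added example (not part of the original message, and not Quixote's own code): a minimal stand-in class, HtmlText, mimics the escape-on-% behaviour the reply describes, so the two orderings of wrapping and formatting can be compared without Quixote installed. The template text, the sample input and the names HtmlText, render_late and render_early are constructed for illustration.

```python
# Added illustration. HtmlText is a simplified stand-in written for this
# example; it is not Quixote's htmltext implementation.
from html import escape


def _quote(value):
    """Escape plain strings; leave already-safe HtmlText and non-strings alone."""
    if isinstance(value, HtmlText) or not isinstance(value, str):
        return value
    return HtmlText(escape(value, quote=True))


class HtmlText(str):
    """Marks a string as HTML that is already safe to emit."""

    def __mod__(self, args):
        # Formatting a safe template escapes every plain-str argument first.
        if isinstance(args, dict):
            args = {key: _quote(val) for key, val in args.items()}
        elif isinstance(args, tuple):
            args = tuple(_quote(val) for val in args)
        else:
            args = _quote(args)
        return HtmlText(str.__mod__(self, args))


# Constructed template standing in for the message's _BODY global.
_BODY = "<p>Next Saturday is %(next_saturday)s.</p>"


def render_late(parms):
    """Ordering in the quoted code: format with a plain str, mark safe after."""
    return HtmlText(_BODY % parms)


def render_early(parms):
    """Ordering the reply recommends: mark the template safe, then format."""
    return HtmlText(_BODY) % parms


if __name__ == "__main__":
    hostile = {"next_saturday": "<script>alert(1)</script>"}  # constructed input
    print("late: ", render_late(hostile))   # markup passes through unescaped
    print("early:", render_early(hostile))  # markup arrives entity-escaped
```

Values already wrapped in HtmlText pass through render_early unchanged, which is why only content that is known to be safe should ever be wrapped.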