On 8/7/07, robertz23 <[EMAIL PROTECTED]> wrote:
> My problem is that in Django I don't have to use this XML to escape or
> the quotes
> because automatically Django converts it to valid HTML.

Are you sure it converts it to valid HTML?  Have you looked at the
HTML output of your page?

> And I don't
> have to use
> quotes in the <a> tags if I'm sending a list of them to the template.

The XML/XHTML/HTML-based templating systems understand the underlying
formats, and protects you from mistakenly putting non-escaped content
into the wrong place, which might cause a security problem - such as
with cross-site-scripting.  To do that, though, they need to get
properly formed templates in, and for the values to be marked up if
you are sure that the value is properly escaped for display.

You probably shouldn't be passing full HTML into the template for a
list of links.  Rather send a list of Python strings with the links,
or a list of tuples with the name of the link (ie, to display in text)
and the link URL, and build up the actual link HTML yourself:

ie, in your controller:

links = [ ('Home', '/'), ('Google', 'http://www.google.com/') ]

in your template:

<ul>
  <li py:for="link in links"><a href="${link[1]}">${link[0]}</a></li>
</ul>

This way, if you ever need to change the way the links are used, you
can do it where it belongs - in the template.  Maybe you want to add
an extra class to the link, for example.

Neil
-- 
Neil Blakey-Milner
http://nxsy.org/
[EMAIL PROTECTED]
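
The difference between handing the template ready-made HTML and handing it (name, URL) tuples, as an added example that is not part of the original message and not TurboGears or Kid code: it uses only the Python standard library to mimic the per-context escaping a template engine applies. The function names, the sample data and the scheme allowlist are assumptions made for the illustration; the scheme check goes one step beyond what the message describes.

```python
from html import escape
from urllib.parse import urlsplit

# Constructed sample data; the last entry stands in for untrusted input.
LINKS = [
    ("Home", "/"),
    ("Google", "http://www.google.com/"),
    ("<script>alert(1)</script>", '/x" onmouseover="alert(1)'),
]

# Assumption for this example: only relative, http and https links are allowed.
ALLOWED_SCHEMES = {"", "http", "https"}


def render_links_unsafe(links):
    """Plain string concatenation: the effect of passing pre-built HTML through."""
    items = ['<li><a href="%s">%s</a></li>' % (url, name) for name, url in links]
    return "<ul>%s</ul>" % "".join(items)


def render_links(links):
    """Escape each value for the place it lands in: attribute value or text node."""
    items = []
    for name, url in links:
        # Escaping keeps the value inside the attribute, but it does not judge
        # the URL itself, so the scheme is checked separately.
        if urlsplit(url.strip()).scheme.lower() not in ALLOWED_SCHEMES:
            url = "#"  # hypothetical policy: neutralise rather than raise
        items.append(
            '<li><a href="%s">%s</a></li>'
            % (escape(url, quote=True), escape(name))
        )
    return "<ul>%s</ul>" % "".join(items)


if __name__ == "__main__":
    print(render_links_unsafe(LINKS))
    print(render_links(LINKS))
```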
