Hi Neil,
Thanks for the advice, your idea is better than mine
because with that I can maintain the MVC paradigm.
regards,
Roberto Zapata
On Aug 7, 4:57 pm, "Neil Blakey-Milner" <[EMAIL PROTECTED]> wrote:
> On 8/7/07, robertz23 <[EMAIL PROTECTED]> wrote:
>
> > My problem is that in Django I don't have to use this XML to escape or
> > the quotes
> > because automatically Django converts it to valid HTML.
>
> Are you sure it converts it to valid HTML? Have you looked at the
> HTML output of your page?
>
> > And I don't
> > have to use
> > quotes in the <a> tags if I'm sending a list of them to the template.
>
> The XML/XHTML/HTML-based templating system understand the underlying
> formats, and protects you from mistakenly putting non-escaped content
> into the wrong place, which might cause a security problem - such as
> with cross-site-scripting. To do that, though, they need to get
> properly formed templates in, and for the values to be marked up if
> you are sure that the value is properly escaped for display.
>
> You probably shouldn't be passing full HTML into the template for a
> list of links. Rather send a list of Python strings with the links,
> or a list of tuples with the name of the link (ie, to display in text)
> and the link URL, and build up the actual link HTML yourself:
>
> ie, in your controller:
>
> links = [ ('Home', '/'), ('Google', 'http://www.google.com/') ]
>
> in your template:
>
> <ul>
> <li py:for="link in links"><a href="${link[1]}">${link[0]}</a></li>
> </ul>
>
> This way, if you ever need to change the way the links are used, you
> can do it where it belongs - in the template. Maybe you want to add
> extra class to the link, for example.
>
> Neil
> --
> Neil Blakey-Milnerhttp://nxsy.org/
> [EMAIL PROTECTED]
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---
