Ah - network delays ;-)
It's ok - the postings will catch up soon....
On Tue, Dec 9, 2008 at 11:32 AM, achipa <[EMAIL PROTECTED]> wrote:
>
> Yes, I know about .xml(), it's just that it is unintuitive, and more
> importantly w3 says:
>
> "User agents must not evaluate script data as HTML markup but instead
> must pass it on as data to a script engine. Please note that script
> data that is element content may not contain character references, but
> script data that is the value of an attribute may contain them."
>
> ... so I'm not sure what Massimo means when he says it MUST escape
> characters. I understand for general tags, but <script> is pretty
> specific with regard to this, and for a reason. What I'm saying it
> makes more sense to me to return XML() when someone does {{=SCRIPT
> (stuff)}} than require to do XML manually. As is now, the script
> element is more like a CODE() tag ni forums that ensures source get's
> printed to the user, but not executed/nterpreted.
>
> On Dec 9, 5:22 pm, mdipierro <[EMAIL PROTECTED]> wrote:
> > Yes, by default it MUST escape all characters, This is an import
> > security features.
> > In Django they had to break backward compatibility and make it so.
> > Use XML(text) to prevent it.
> >
> > Massimo
> >
> > On Dec 9, 7:41 am, Iceberg <[EMAIL PROTECTED]> wrote:
> >
> > > Can web2py's XML(...) help you?
> >
> > > On Dec 8, 11:24 pm, achipa <[EMAIL PROTECTED]> wrote:
> >
> > > > I just noticed that by default it escapes some chars that it probably
> > > > shouldn't - for example 'if x < y' becomes 'if x < y'. You can of
> > > > course work around this, but is probably not what most users would
> > > > expect...
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
