Andy McKay wrote:
> What do people (especially Chris) think of making ChrisW's stripogram part
> of the core of Zope.

I think it rocks :-)

> Just discussing this with some colleagues today and we got onto a
> marshalling data and it occured to us it would be nice to do something like
> <input type="text" name="something:html:p:br"> that would only allow p and
> br in the html. Ok, its easy to get around with a fake form, but how about
> being able to only specify certain html tags in metadata in the CMF.

That's a cool syntax but it's a bit too 'magik' for me. That magik could be
alleviated by something documenting the whole <input name="fish:list/x"> or
maybe a project describing what those things after the colon should do and where
they should be documented.

personally, I don't think it'll scale to html filtering. What happens when you
want to get the allowed tags from a property of another object?

> Having HTML Parser and maybe those stripogram functions should be easy to
> integrate and provide Zope with a standard security mechanism for these
> issues.

Hmmm, how's this for a plan:

1. Document the :something options fully.

2. Add a :html that behaves as you describe

3. Fix the bug that means :date won't accept an empty value.

4. expose the above stuff in a coersion module that can be imported into python
scripts, that would mainly have one function: coerce

def coerce(from,to,**kw):

from coersion import coerce


coerce(a,'date')==DateTimeObject (or maybe None, but I favour a DateTime object
that actually has a NULL value)



Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to