Robin Becker
2/22/2008 5:41:00 PM
Tim van der Leeuw wrote:
> On Fri, Feb 22, 2008 at 5:17 PM, Robin Becker <robin@reportlab.com> wrote:
>
>> A colleague has decided to keep his django database string values (which
>> are xml
>> fragments) in an xml escaped form to avoid having the problem of escaping
>> them
>> when they are used in templates etc etc.
>>
>> Unfortunately he found that the normal admin doesn't escape on the way
>> through
>> so thought of adding a standard mechanism to the save methods. However,
>> this
>> brings in the possibility of escaping twice ie once in his original
>> capture code
>> and then in the django save methods.
>>
>
> Well -- you escape them in the save() method only when they contain XML
> charachters like <, > ? How about that, wouldn't that work?
>
> --Tim
>
.......
That might work, but there are all the ampersands etc etc to consider as well.
So an escaped string could contain &, but so can a raw string.
--
Robin Becker