Re: xml escapedness
Steve Holden
2/22/2008 5:47:00 PM
Robin Becker wrote:
> Tim van der Leeuw wrote:
>> On Fri, Feb 22, 2008 at 5:17 PM, Robin Becker <robin@reportlab.com> wrote:
>>
>>> A colleague has decided to keep his django database string values (which are xml
>>> fragments) in an xml escaped form to avoid having the problem of escaping them
>>> when they are used in templates etc etc.
>>>
>>> Unfortunately he found that the normal admin doesn't escape on the way through
>>> so thought of adding a standard mechanism to the save methods. However, this
>>> brings in the possibility of escaping twice ie once in his original capture code
>>> and then in the django save methods.
>>>
>> Well -- you escape them in the save() method only when they contain XML
>> characters like <, > ? How about that, wouldn't that work?
>>
>> --Tim
>>
> ......
> That might work, but there are all the ampersands etc etc to consider as well.
> So an escaped string could contain &, but so can a raw string.
By the way, be careful - the Django trunk is already modified to perform
escaping by default, so if your colleague is using 0.96 or older he
should really look at the implications of that change on his design
decision. Storing XML in escaped form is always dodgy, much better to
escape when necessary (and when some other tool isn't doing it for you).
That is, after all, the canonical form.
regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC
http://www.hold...
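
The problem discussed in this thread, as an added example that is not part of the original post: escaping once at output round-trips every value, while an "escape only if it looks raw" check in save() cannot tell raw text from escaped text and lets markup through unescaped. The helper names and sample strings are constructed for illustration; only `xml.sax.saxutils.escape` and `unescape` are standard-library calls.

```python
from xml.sax.saxutils import escape, unescape

# Constructed sample inputs (not from the thread). Each is RAW text as a user typed it.
SAMPLES = ["a < b", "AT&T", "AT&amp;T", "<b>R&amp;D</b>"]


def render(raw):
    """Store raw, escape exactly once at output time."""
    return escape(raw)


def escape_if_needed(value):
    """Hypothetical save() heuristic: skip escaping when the value 'looks escaped',
    i.e. when unescaping would change it."""
    return value if unescape(value) != value else escape(value)


def round_trips(encode):
    """Map each sample to True if a consumer decoding once gets the raw text back."""
    return {raw: unescape(encode(raw)) == raw for raw in SAMPLES}


def double_escaped(raw):
    """What lands in the page when capture code and save() both escape."""
    return escape(escape(raw))


if __name__ == "__main__":
    print("escape at output  :", round_trips(render))
    print("escape if needed  :", round_trips(escape_if_needed))
    print("escaped twice     :", double_escaped("a < b"))
    print("markup let through:", escape_if_needed("<b>R&amp;D</b>"))
```
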