[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.python

Re: xml escapedness

Steve Holden

2/22/2008 5:47:00 PM

Robin Becker wrote:
> Tim van der Leeuw wrote:
>> On Fri, Feb 22, 2008 at 5:17 PM, Robin Becker <robin@reportlab.com> wrote:
>>
>>> A colleague has decided to keep his django database string values (which
>>> are xml
>>> fragments) in an xml escaped form to avoid having the problem of escaping
>>> them
>>> when they are used in templates etc etc.
>>>
>>> Unfortunately he found that the normal admin doesn't escape on the way
>>> through
>>> so thought of adding a standard mechanism to the save methods. However,
>>> this
>>> brings in the possibility of escaping twice ie once in his original
>>> capture code
>>> and then in the django save methods.
>>>
>> Well -- you escape them in the save() method only when they contain XML
>> charachters like <, > ? How about that, wouldn't that work?
>>
>> --Tim
>>
> ......
> That might work, but there are all the ampersands etc etc to consider as well.
> So an escaped string could contain &, but so can a raw string.

by the way, be careful - the Django trunk is already modified to perform
escaping by default, so if your colleague is using 0.96 or older he
should really look at the implications of that change on his design
decision. Storing XML in escaped for is always dodgy, much better to
escape when necessary (and when some other tool isn't doing it for you).
that is, after all, the canonical form.

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC http://www.hold...