Re: xml escapedness
- From: Robin Becker <robin@xxxxxxxxxxxxx>
- Date: Fri, 22 Feb 2008 18:16:23 +0000
Steve Holden wrote:
Robin Becker wrote:Tim van der Leeuw wrote:On Fri, Feb 22, 2008 at 5:17 PM, Robin Becker <robin@xxxxxxxxxxxxx> wrote:......
A colleague has decided to keep his django database string values (whichWell -- you escape them in the save() method only when they contain XML
are xml
fragments) in an xml escaped form to avoid having the problem of escaping
them
when they are used in templates etc etc.
Unfortunately he found that the normal admin doesn't escape on the way
through
so thought of adding a standard mechanism to the save methods. However,
this
brings in the possibility of escaping twice ie once in his original
capture code
and then in the django save methods.
charachters like <, > ? How about that, wouldn't that work?
--Tim
That might work, but there are all the ampersands etc etc to consider as well. So an escaped string could contain &, but so can a raw string.
by the way, be careful - the Django trunk is already modified to perform escaping by default, so if your colleague is using 0.96 or older he should really look at the implications of that change on his design decision. Storing XML in escaped for is always dodgy, much better to escape when necessary (and when some other tool isn't doing it for you). that is, after all, the canonical form.
regards
Steve
I agree wholeheartedly, I would prefer raw in the db. Since we're scraping for some of the content it's hard to eliminate all xml though.
--
Robin Becker
.
- Prev by Date: Re: Return value of an assignment statement?
- Next by Date: bus error/segfault from PyArg_ParseTuple in initproc with incorrect arg number
- Previous by thread: Re: xml escapedness
- Next by thread: Simple - looking for a way to do an element exists check..
- Index(es):
Relevant Pages
|
