R
Robin Becker
A colleague has decided to keep his django database string values (which are xml
fragments) in an xml escaped form to avoid having the problem of escaping them
when they are used in templates etc etc.
Unfortunately he found that the normal admin doesn't escape on the way through
so thought of adding a standard mechanism to the save methods. However, this
brings in the possibility of escaping twice ie once in his original capture code
and then in the django save methods.
I suggested he could use a subclass of str to represent escaped strings and an
escape function which leaves the subclass instances alone so
class xmlstr(str):
pass
from xml.sax.saxutils import escape
def xmlEscape(s):
if isinstance(s,xmlstr): return s
return xmlstr(escape(s))
this works up to a point, but anything which modifies the string reverts to the
base class (as it probably should).
type(xmlstr('<') + '') is type(str)
clearly there are a large number of operations which should be overridden or
just hidden to prevent the wrong outcome; has anyone else thought about this in
any detail?
fragments) in an xml escaped form to avoid having the problem of escaping them
when they are used in templates etc etc.
Unfortunately he found that the normal admin doesn't escape on the way through
so thought of adding a standard mechanism to the save methods. However, this
brings in the possibility of escaping twice ie once in his original capture code
and then in the django save methods.
I suggested he could use a subclass of str to represent escaped strings and an
escape function which leaves the subclass instances alone so
class xmlstr(str):
pass
from xml.sax.saxutils import escape
def xmlEscape(s):
if isinstance(s,xmlstr): return s
return xmlstr(escape(s))
this works up to a point, but anything which modifies the string reverts to the
base class (as it probably should).
type(xmlstr('<') + '') is type(str)
clearly there are a large number of operations which should be overridden or
just hidden to prevent the wrong outcome; has anyone else thought about this in
any detail?