Chris Withers wrote:
Martijn Faassen wrote:
Anyway, just a module that I can import from Python that exposes the functionality would already be worth a lot having in the core;
That would be my preference... but the question is should it be core Zope or core Python. I mean, the type of functionality we're talking about is pretty generically useful.
I would like it at least as a TTW configurable/instanciable (does that word exist?) zope product. It could allow - configuration of "forbidden" words in a textbox, alternativly using a "allow" policy (that might get hard). - a pre-cooked "secure html" config - possibility to write a custom parser/filter in python script/external method and it would allow something like <dtml-var someting filter="my_html_cleaner"> and <dtml-if "my_html_cleaner.is_valid('my_text')"> where is_valid(input_string) only checks if is_valid(imput_string) == input_string. The reason why I think it should be TTW configurable is that people not being able to pure python should also be in the position to use a security feature. Would this be compatible with ZPT etc.? Certainly, this doesn't rule out to implement the core funtionality as a pure python module. cheers, oliver