Andy McKay wrote:
What do people (especially Chris) think of making ChrisW's stripogram part of the core of Zope.
I think it rocks :-)
Just discussing this with some colleagues today and we got onto a marshalling data and it occured to us it would be nice to do something like <input type="text" name="something:html:p:br"> that would only allow p and br in the html. Ok, its easy to get around with a fake form, but how about being able to only specify certain html tags in metadata in the CMF.
That's a cool syntax but it's a bit too 'magik' for me. That magik could be alleviated by something documenting the whole <input name="fish:list/x"> or maybe a project describing what those things after the colon should do and where they should be documented. personally, I don't think it'll scale to html filtering. What happens when you want to get the allowed tags from a property of another object?
Having HTML Parser and maybe those stripogram functions should be easy to integrate and provide Zope with a standard security mechanism for these issues.
Hmmm, how's this for a plan: 1. Document the :something options fully. 2. Add a :html that behaves as you describe 3. Fix the bug that means :date won't accept an empty value. 4. expose the above stuff in a coersion module that can be imported into python scripts, that would mainly have one function: coerce def coerce(from,to,**kw): eg: from coersion import coerce x='1234' y=1234 z='10/6/01' a='' b='<b>x,y</b>' coerce(x,'int')==y==1234 coerce(y,'string')==x=='1234' coerce(z,'date')==DateTimeObject coerce(a,'date')==DateTimeObject (or maybe None, but I favour a DateTime object that actually has a NULL value) coerce(b,'html',tags=['i'])=='x,y' cheers, Chris