ANNOUNCE: EXPERIMENTAL DTML Syntax change
Zope 2.0.0 alpha 2 (and public CVS) includes an experimental change to the DTML parser to allow HTML tags syntax and character entity reference as an alternative to the server-side-include (SSI) syntax. Basically, source like: <!--#var standard_html_header--> <ul> <!--#in objectValues--> <li> <a href="<!--#var URL1-->/<!--#var id-->/manage_workspace"> <!--#var title--></a> <!--#/in--> </ul> <!--#var standard_html_footer--> to be written as: <dtml-var standard_html_header> <ul> <dtml-in objectValues> <li> <a href="&dtml-URL1;/&dtml-id;/manage_workspace"> <dtml-var title></a> <dtml-/in> </ul> <dtml-var standard_html_footer> This format is provided to overcome some of the problems with the SSI syntax: - It looks more like and fits in with HTML, - It is easier to type, - It is easier to type and slightly less verbose, - It is, perhaps, easier to teach HTML editors how to deal with it. I'm very interested to hear how helpful this is. Do people find this a significant improvement? If people don't find it useful then it will not be included in Zope 2.0 final, and perhaps not in the Zope 2.0 betas. Note: - This format does *not*, in my mind, significantly reduce the desire for an XML variant of DTML. I think there is room for *both* XML and non-XML variants of DTML, if only because sometimes people will need to have DTML documents that are not XML well formed, for example when generating non-XML text. - This does not address the desire for a nicer through-the-web scripting language for Zope. We intend to provide the ability to build Python methods through the web that are as safe (from a security point of view) as existing DTML methods. Jim -- Jim Fulton mailto:jim@digicool.com Python Powered! Technical Director (888) 344-4332 http://www.python.org Digital Creations http://www.digicool.com http://www.zope.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.
- This does not address the desire for a nicer through-the-web scripting language for Zope. We intend to provide the ability to build Python methods through the web that are as safe (from a security point of view) as existing DTML methods.
Eeek! If you do provide the ability to build Python methods through the web, please include a way for us to NOT ALLOW this. Or better yet, let us know exactly where this module is in the code base so we could replace it with empty stubs <g>. I worry enough without the added thoughts that someone could crack open zope and shovel in python code. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tom Jenkins DevIS (http://www.devis.com) python is executable pseudo-code; perl is executable line-noise
Tom Jenkins wrote:
- This does not address the desire for a nicer through-the-web scripting language for Zope. We intend to provide the ability to build Python methods through the web that are as safe (from a security point of view) as existing DTML methods.
Eeek! If you do provide the ability to build Python methods through the web, please include a way for us to NOT ALLOW this.
OK. We'll can make it a product that you chose not to install.
Or better yet, let us know exactly where this module is in the code base so we could replace it with empty stubs <g>. I worry enough without the added thoughts that someone could crack open zope and shovel in python code.
Remember that we said that this would be just *as safe as DTML*: - Every object access would be checked against the security machinery, as is done now in DTML expressions, - There will be guards against infinite loops and other sorts of accidents or attacks that cause loss of service. Jim -- Jim Fulton mailto:jim@digicool.com Python Powered! Technical Director (888) 344-4332 http://www.python.org Digital Creations http://www.digicool.com http://www.zope.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.
Zope 2.0.0 alpha 2 (and public CVS) includes an experimental change to the DTML parser to allow HTML tags syntax and character entity reference as an alternative to the server-side-include (SSI) syntax.
I approve. If nothing else, it's easier on the shift-key fingers..:-) It also helps to distinguish DTML from real HTML comments. I hope this one stays in. One question: why the hyphens? Why not: <dtml var standard_html_header> jon Jonathan Corbet, Eklektix, Inc. corbet@eklektix.com
Okay, I can't take it any longer. :) For the life of me, I cannot get Zope to work with WSP. Maybe it is, but I can't get past the Authentication problem (i.e. can't get to /manage). Anyone ever tried using it with WebSite Pro? If so, please let me know. We're definitely interested in hosting this. Thanks! -- Phillip Beazley FutureSights -- Web Hosting, Development & Marketing Visit http://www.futuresights.com/ or call 727-577-SITE!
Jim Fulton wrote:
Zope 2.0.0 alpha 2 (and public CVS) includes an experimental change to the DTML parser to allow HTML tags syntax and character entity reference as an alternative to the server-side-include (SSI) syntax. Basically, source like:
<!--#var standard_html_header--> <ul> <!--#in objectValues--> <li> <a href="<!--#var URL1-->/<!--#var id-->/manage_workspace"> <!--#var title--></a> <!--#/in--> </ul> <!--#var standard_html_footer-->
to be written as:
<dtml-var standard_html_header> <ul> <dtml-in objectValues> <li> <a href="&dtml-URL1;/&dtml-id;/manage_workspace"> <dtml-var title></a> <dtml-/in> </ul> <dtml-var standard_html_footer>
This format is provided to overcome some of the problems with the SSI syntax:
- It looks more like and fits in with HTML,
I like the idea, but I disagree that <dtml-/in> looks and feels like HTML. A more natural end tag for <dtml-in> would seem to be </dtml-in> Is there a reason for your choice? -- Dr. Gary Herron <gherron@aw.sgi.com> 206-287-5616 Alias | Wavefront 1218 3rd Ave, Suite 800, Seattle WA 98101
Gary Herron wrote:
Jim Fulton wrote:
Zope 2.0.0 alpha 2 (and public CVS) includes an experimental change to the DTML parser to allow HTML tags syntax and character entity reference as an alternative to the server-side-include (SSI) syntax. Basically, source like:
<!--#var standard_html_header--> <ul> <!--#in objectValues--> <li> <a href="<!--#var URL1-->/<!--#var id-->/manage_workspace"> <!--#var title--></a> <!--#/in--> </ul> <!--#var standard_html_footer-->
to be written as:
<dtml-var standard_html_header> <ul> <dtml-in objectValues> <li> <a href="&dtml-URL1;/&dtml-id;/manage_workspace"> <dtml-var title></a> <dtml-/in> </ul> <dtml-var standard_html_footer>
This format is provided to overcome some of the problems with the SSI syntax:
- It looks more like and fits in with HTML,
I like the idea, but I disagree that <dtml-/in> looks and feels like HTML. A more natural end tag for <dtml-in> would seem to be </dtml-in>
Is there a reason for your choice?
Sorry, that </dtml.in> my choice. My fingers failed my when I typed the post. :) Jim -- Jim Fulton mailto:jim@digicool.com Python Powered! Technical Director (888) 344-4332 http://www.python.org Digital Creations http://www.digicool.com http://www.zope.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.
Hi! On Tue, 15 Jun 1999, Jim Fulton wrote:
<dtml-/in>
Sorry, that </dtml.in> my choice. My fingers failed my when I typed the post. :)
No, it should be </dtml-in> ! :)))
Jim
-- Jim Fulton mailto:jim@digicool.com Python Powered! Technical Director (888) 344-4332 http://www.python.org Digital Creations http://www.digicool.com http://www.zope.org
Oleg. ---- Oleg Broytmann Netskate/Inter.Net.Ru phd@emerald.netskate.ru Programmers don't die, they just GOSUB without RETURN.
At 15:06 15-6-99 , Jim Fulton wrote:
Zope 2.0.0 alpha 2 (and public CVS) includes an experimental change to the DTML parser to allow HTML tags syntax and character entity reference as an alternative to the server-side-include (SSI) syntax. Basically, source like:
<!--#var standard_html_header--> <ul> <!--#in objectValues--> <li> <a href="<!--#var URL1-->/<!--#var id-->/manage_workspace"> <!--#var title--></a> <!--#/in--> </ul> <!--#var standard_html_footer-->
to be written as:
<dtml-var standard_html_header> <ul> <dtml-in objectValues> <li> <a href="&dtml-URL1;/&dtml-id;/manage_workspace"> <dtml-var title></a> <dtml-/in> </ul> <dtml-var standard_html_footer>
<dtml-/in>? According to the source </dtml-in> is (also?) supported, and easier to build support for..
I'm very interested to hear how helpful this is. Do people find this a significant improvement?
It would be more helpfull. Homesite could be taught to support it quite easily, including hinting and dialog boxes specifying the options. The entities are a dream. -- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | Tel: +31-35-7502100 Fax: +31-35-7502111 | mailto:mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ------------------------------------------
Martijn Pieters wrote:
At 15:06 15-6-99 , Jim Fulton wrote:
(snip)
<dtml-/in> </ul> <dtml-var standard_html_footer>
<dtml-/in>?
This was a typo. Sorry. :) Jim -- Jim Fulton mailto:jim@digicool.com Python Powered! Technical Director (888) 344-4332 http://www.python.org Digital Creations http://www.digicool.com http://www.zope.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.
Jim Fulton wrote:
Zope 2.0.0 alpha 2 (and public CVS) includes an experimental change to the DTML parser to allow HTML tags syntax and character entity reference as an alternative to the server-side-include (SSI) syntax. Basically, source like:
<!--#var standard_html_header--> <ul> <!--#in objectValues--> <li> <a href="<!--#var URL1-->/<!--#var id-->/manage_workspace"> <!--#var title--></a> <!--#/in--> </ul> <!--#var standard_html_footer-->
to be written as:
<dtml-var standard_html_header> <ul> <dtml-in objectValues> <li> <a href="&dtml-URL1;/&dtml-id;/manage_workspace"> <dtml-var title></a> <dtml-/in> </ul> <dtml-var standard_html_footer>
MUCH better! This is pretty much the way Allaire does it with CFML tags, so teaching Homesite and dreamweaver to support/ignore these tags will probably be a lot easier. And thank you for removing the 'line noise'. You might (MIGHT) want to consider requiring an enclosing '<dtml-eval>' tag around the environment variables, though: <li> <dtml-eval><a href="&dtml-URL1;/&dtml-id;/manage_workspace"></dtml-eval> Leaving them 'naked' doesn't feel right. 01 (just my two bits) Michael Bernstein.
At 9:06 -0400 6/15/99, Jim Fulton wrote:
<dtml-var standard_html_header> <ul> <dtml-in objectValues> <li> <a href="&dtml-URL1;/&dtml-id;/manage_workspace"> <dtml-var title></a> </dtml-in> <-- i fixed this -- dsw </ul> <dtml-var standard_html_footer>
My first impression: this is a big improvement - much easier to read and type. My only concern is that it's inconsistent when you want to put DTML inside HTML tags, like with the href in the example above. I suppose that's unavoidable. Do you have to escape all ampersands now, or is '&dtml' itself the key? Can you use "&dtml-some_variable_name" outside of quotes? Doug -- Doug Wyatt doug@sonosphere.com Sonosphere (electric/improv music) http://www.sonosphere.com/
Doug Wyatt wrote:
At 9:06 -0400 6/15/99, Jim Fulton wrote:
<dtml-var standard_html_header> <ul> <dtml-in objectValues> <li> <a href="&dtml-URL1;/&dtml-id;/manage_workspace"> <dtml-var title></a> </dtml-in> <-- i fixed this -- dsw
:)
</ul> <dtml-var standard_html_footer>
My first impression: this is a big improvement - much easier to read and type.
My only concern is that it's inconsistent when you want to put DTML inside HTML tags, like with the href in the example above. I suppose that's unavoidable. Do you have to escape all ampersands now, or is '&dtml' itself the key?
Can you use "&dtml-some_variable_name" outside of quotes?
Actually, "&dtml-" (letters|digits|underscore|dash|dot) + ";" Jim -- Jim Fulton mailto:jim@digicool.com Python Powered! Technical Director (888) 344-4332 http://www.python.org Digital Creations http://www.digicool.com http://www.zope.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.
participants (9)
-
corbet@eklektix.com -
Doug Wyatt -
Gary Herron -
Jim Fulton -
Martijn Pieters -
Michael Bernstein -
Oleg Broytmann -
Phillip Beazley -
Tom Jenkins