[Zope-CMF] Preventing HTML in Structured Text in Plone/CMF
Dieter Maurer
dieter@handshake.de
Fri, 4 Jul 2003 22:13:30 +0200
Steven Hayles wrote at 2003-7-3 17:07 +0100:
> I'd like to block the embedding of HTML in Structured Text in Plone. I can
> see that I could modify CMFDefault.Document.Document._edit, replacing
>
> self.cooked_text = format_stx(text=text, level=level)
>
> with
>
> self.cooked_text = format_stx(text=html_quote(text), level=level)
>
> However, a monkey patch seems better. Shouldn't I be able to use the
> following in an __init.py__ file in a new product?
>
> from Products.CMFCore import utils
> from DocumentTemplate.DT_Util import html_quote
>
> original_format_stx = utils.format_stx
>
> def new_format_stx(text, level):
> """"format_stx replacement"""
> return original_format_stx(text=html_quote(text), level=level)
>
> utils.format_stx = new_format_stx
>
> Can anyone explain to me slowly and clearly why this approach doesn't work?
"Document" probably does "from "Products.CMFCore.utils import "format_stx".
If this is right, then whether your monkey patch becomes effective
depends on the relative import time of "Document" and your product.
When your product comes first, your patch wins; otherwise, it is not
effective.
As you can see: patching modules functions is unsafe...
Dieter