[Zope-dev] Stripogram or similar in core

[Chris Withers]

Andy McKay wrote:
> 
> What do people (especially Chris) think of making ChrisW's stripogram part
> of the core of Zope.

I think it rocks :-)

> Just discussing this with some colleagues today and we got onto a
> marshalling data and it occured to us it would be nice to do something like
> <input type="text" name="something:html:p:br"> that would only allow p and
> br in the html. Ok, its easy to get around with a fake form, but how about
> being able to only specify certain html tags in metadata in the CMF.

That's a cool syntax but it's a bit too 'magik' for me. That magik could be
alleviated by something documenting the whole <input name="fish:list/x"> or
maybe a project describing what those things after the colon should do and where
they should be documented.

personally, I don't think it'll scale to html filtering. What happens when you
want to get the allowed tags from a property of another object?

> Having HTML Parser and maybe those stripogram functions should be easy to
> integrate and provide Zope with a standard security mechanism for these
> issues.

Hmmm, how's this for a plan:

1. Document the :something options fully.

2. Add a :html that behaves as you describe

3. Fix the bug that means :date won't accept an empty value.

4. expose the above stuff in a coersion module that can be imported into python
scripts, that would mainly have one function: coerce

def coerce(from,to,**kw):

eg:
from coersion import coerce

x='1234'
y=1234
z='10/6/01'
a=''
b='<b>x,y</b>'

coerce(x,'int')==y==1234
coerce(y,'string')==x=='1234'
coerce(z,'date')==DateTimeObject
coerce(a,'date')==DateTimeObject (or maybe None, but I favour a DateTime object
that actually has a NULL value)
coerce(b,'html',tags=['i'])=='x,y'

cheers,

Chris