[Zope-dev] Stripogram or similar in core

Andy McKay andym@ActiveState.com
Sat, 27 Oct 2001 09:30:45 -0700


> That's a cool syntax but it's a bit too 'magik' for me. That magik could
be
> alleviated by something documenting the whole <input name="fish:list/x">
or
> maybe a project describing what those things after the colon should do and
where
> they should be documented.

Yeah it is a little. Just thinking of ideas here.

> personally, I don't think it'll scale to html filtering. What happens when
you
> want to get the allowed tags from a property of another object?

Hmm true of course it could just be <input name="fish:list<dtml-var
"_.string.join(allowedHtml,'/')">" etc> or something

> Hmmm, how's this for a plan:
>
> 1. Document the :something options fully.
>
> 2. Add a :html that behaves as you describe
>
> 3. Fix the bug that means :date won't accept an empty value.

Thats related?

> 4. expose the above stuff in a coersion module that can be imported into
python
> scripts, that would mainly have one function: coerce

Hang on a sec...

> def coerce(from,to,**kw):
>
> eg:
> from coersion import coerce
>
> x='1234'
> y=1234
> z='10/6/01'
> a=''
> b='<b>x,y</b>'
>
> coerce(x,'int')==y==1234
> coerce(y,'string')==x=='1234'
> coerce(z,'date')==DateTimeObject
> coerce(a,'date')==DateTimeObject (or maybe None, but I favour a DateTime
object
> that actually has a NULL value)
> coerce(b,'html',tags=['i'])=='x,y'

Whats wrong with just int and str etc... Is your idea here just to get
everything in one place and one
class? Other than that Im not sure of the value..

----- Original Message -----
From: "Chris Withers" <chrisw@nipltd.com>
To: "Andy McKay" <andym@ActiveState.com>
Cc: <zope-dev@zope.org>
Sent: Saturday, October 27, 2001 3:48 AM
Subject: Re: [Zope-dev] Stripogram or similar in core


> Andy McKay wrote:
> >
> > What do people (especially Chris) think of making ChrisW's stripogram
part
> > of the core of Zope.
>
> I think it rocks :-)
>
> > Just discussing this with some colleagues today and we got onto a
> > marshalling data and it occured to us it would be nice to do something
like
> > <input type="text" name="something:html:p:br"> that would only allow p
and
> > br in the html. Ok, its easy to get around with a fake form, but how
about
> > being able to only specify certain html tags in metadata in the CMF.
>
> That's a cool syntax but it's a bit too 'magik' for me. That magik could
be
> alleviated by something documenting the whole <input name="fish:list/x">
or
> maybe a project describing what those things after the colon should do and
where
> they should be documented.
>
> personally, I don't think it'll scale to html filtering. What happens when
you
> want to get the allowed tags from a property of another object?
>
> > Having HTML Parser and maybe those stripogram functions should be easy
to
> > integrate and provide Zope with a standard security mechanism for these
> > issues.
>
> Hmmm, how's this for a plan:
>
> 1. Document the :something options fully.
>
> 2. Add a :html that behaves as you describe
>
> 3. Fix the bug that means :date won't accept an empty value.
>
> 4. expose the above stuff in a coersion module that can be imported into
python
> scripts, that would mainly have one function: coerce
>
> def coerce(from,to,**kw):
>
> eg:
> from coersion import coerce
>
> x='1234'
> y=1234
> z='10/6/01'
> a=''
> b='<b>x,y</b>'
>
> coerce(x,'int')==y==1234
> coerce(y,'string')==x=='1234'
> coerce(z,'date')==DateTimeObject
> coerce(a,'date')==DateTimeObject (or maybe None, but I favour a DateTime
object
> that actually has a NULL value)
> coerce(b,'html',tags=['i'])=='x,y'
>
> cheers,
>
> Chris
>
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )
>