[Zope] Re: Exsternal method quote

Dieter Maurer dieter@handshake.de
Mon, 28 Oct 2002 21:03:48 +0100


Andreas Tille writes:
 > On Fri, 25 Oct 2002, Dieter Maurer wrote:
 > 
 > > You say that a Python Script automatically quotes HTML which comes
 > > from a plain file object?
 > >
 > >   I do not want to believe this!
 > Hmm, me too, to be honest.
 > 
 > > Please provide a minimal example (in a small zexp).
 > > I am curious where the HTML quoting happens...
 > To prevent posting binaries to this list I putted it on
 > 
 >        http://people.debian.org/~tille/quoting.zexp
 > 
 > Explanation:
 > 
 > If I do
 > 
 >       return cont[foundname]
 > 
 > in the last line of index_html the HTML-Stuff is quoted.
 > If I replace this by
 > 
 >       return cont[foundname].document_src()
This seems not to be a "File" object but something else, maybe
a DTML object.

  With "return cont[foundname]", you return the object itself.
  ZPublisher converts this to a string by calling its "__str__"
  method. DTML objects perform HTML quoting in their "__str__"
  method.

  "File" objects, on the other hand, return raw content.

 > it is not quoted but can only be viewed by authenticated users - i.e.
 > a passwort identification has to be passed which is not acceptable for
 > this case.
You can use a proxy role on the script.

You may also call your DTML object to get the rendered (and not HTML
quoted) result (be careful, to pass the necessary positional
parameters, unless the object does not really contain DTML commands).


Dieter