[Zope] TaintedString, how is it determined, where ?

Jean-Francois.Doyon@CCRS.NRCan.gc.ca Jean-Francois.Doyon@CCRS.NRCan.gc.ca
Wed, 7 May 2003 11:33:24 -0400


Hello,

I am playing with the html_quote function, trying to get it to quote =
ALL
html entities, not just the basic ones cgi.escape() handles.

I've got that part working well enough, though I had to modify Zope =
code ...
Is it possible to monkey patch (or in any other way modify) from a =
product a
function (and not a class) ?

The problem I discovered is that only "tainted strings" are passed to
html_quote.  BUT what Zope determines to be "tainted" isn't "wide" =
enough
for my needs.  In my case, strings with latin-1 accents are not deemed
"tainted", which means they don't get quoted by the code I have in =
place
(Which would replace "=E9" with "é").

Could anybody point me in the right direction? Where do I find the code =
that
determines whether a <dtml-var> used variable (such as Title) is deemed
tainted?

I could just write a new PythonScript or something like that to do it =
...
But since the architecture is allready in place to do it, I'd rather =
just
modify that.

Also, the documentation for html_quote really suggests this shuld be =
the
behavior. Either the behavior of the function, or the docs, should be
ammended to be clearer.

Thanks!

Jean-Fran=E7ois Doyon
Internet Service Development and Systems Support / Soutien de =
syst=E8mes et
developement de services Internet
GeoAccess Division / Division G=E9oAcc=E8s
Canada Center for Remote Sensing / Centre canadien de =
t=E9l=E9d=E9tection
Natural Resources Canada /  Ressources naturelles Canada
Phone / T=E9l=E9phone: (613) 992-4902
Fax / T=E9l=E9copieur: (613) 947-2410
http://atlas.gc.ca