[Zope] Remove/Ignore <P> and other HTML tags

Paul Winkler pw_lists at slinkp.com
Thu Sep 14 20:42:42 EDT 2006


On Thu, Sep 14, 2006 at 03:52:30PM -0700, Zhi-Wei Lu wrote:
> I am a system administrator who maintains our Zope servers.  I don't  
> know that much
> about python or zope, just enough to upgrade and trouble shooting  
> from time to time.
> Of course, the developers who have developed the system are no longer  
> here.
> 
> I try to move a site from Zope 2.7.4 (python 2.4) to a new server  
> with Zope 2.9.4 (python 2.4.3),
> after some struggle, I have fixed most of the problems, but one that  
> I don't have much clue.  I hope
> that expert here can shed some light for me.
> 
> Here are section of code that displays part the of some abstract
> <dtml-let
>     rand1="get_random_image()"
>     cap1="get_folder_title(name=rand1)"
>     text="get_abstract_sample(name=rand1)">
>    <table cellpadding=0 cellspacing=0><tr>
> 
> The function get_abstract_sample
> is here
> 
> for object in container.research.objectValues():
>   a = object.getId()
>   if (a == name):
>     text = object.research_description_html.read()
>   else:
>      pass
>

Unless you omitted something, that's a really long
and slow way to do this:

 text = container.research[name].read()

Don't iterate over all items when you only care about one of
them and know what it's called :)
But that's not your problem...

> The above code work fine for the 2.7.4 server, but fails for 2.9.4  
> server, it will
> ask for authentication password for 2.9.4, no user/password combination
> will work.  If I  modify it as follows (for 2.9.4 server)
> 
> for object in container.research.objectValues():
>   a = object.getId()
>   if (a == name):
>     text = object.research_description_html
> 
> text = str(text)
> 
> return text[0:400] + '...'
> 
> Getting rid of read() for the 2.9.4 server solve the authentication  
> problem and

We don't know what kind of objects you have. But this sounds like
the code for "object" is lacking some security declarations, and zope
2.7 was too permissive.

> display the web page
>  but with some unpleasant
> <P> and other HTML tags literally (It doesn't for the old 2.7.4 server).
>
> I would love to hear suggestions and advices from this group to get  
> rid of
> the literal <P> and other HTML tags.  Thank you very much for your help.

Hmm, you never showed us where this text actually gets put into the
page.  In the example you gave, it gets assigned in a <dtml-let>
tag, and that's the last we saw of it.
Perhaps you have something like <dtml-var text html_quote="1">?

If so, remove the html_quote attribute.

See http://www.plope.com/Books/2_7Edition/AppendixA.stx#1-20

-- 

Paul Winkler
http://www.slinkp.com


More information about the Zope mailing list