[ZPT] RE:Re: [Zope] prevent quoting in tal:attributes
Evan Simpson
evan at 4-am.com
Fri Oct 3 13:35:16 EDT 2003
Jamie Heilman wrote:
> OK, I'll conceed the need for a keyword toggle (or some like device)
> for entity quoting in XML.
[snip]
>
> Anyway, I think we can at least agree that quoting dynamic attributes
> by default is preferable over not. Yes? Which would still leave us
> with the bug Evan has been trying to squash, which interestingly
> enough I can't seem trigger.
> <img alt="&" tal:attributes="alt request/alt|default" />
That's because it only affects entities *other* than those for '&<>"'.
When this is parsed, the attributes dict for this tag contains {'alt':
'&'}, which allows tal:attributes to correctly recreate the attribute.
On the other hand, if we had 'alt="€"', the dict would contain
{'alt': '€'}, and tal:attributes generates 'alt="&euro;"'.
This can be partially addressed by keeping the original string literal
value for each attribute, and using that for 'default'. For now, I plan
to back out my changes, and implement this.
I'm not sure what the proper general solution for this is. We want to
be able to combine strings that contain entity references with strings
that contain unescaped '&<>"' characters. The only solution I can think
of is to operate entirely in escaped strings, which is tricky:
>>> euro = AttrString('€', escaped=1)
>>> s2 = AttrString('My S&L account has >%s100') % euro
>>> print s2 + ' in it.'
My S&L account has >€100 in it.
This is tricky to implement in Python 2.2.x, since it doesn't handle
overriding of __mod__ on a str subclass properly.
Cheers,
Evan @ 4-am
More information about the ZPT
mailing list