[albatross-users] unscriptable object
Matt Goodall
matt at pollenation.net
Tue Jul 15 10:14:25 EST 2003
On Tue, 2003-07-15 at 00:58, Dave Cole wrote:
> >>>>> "Eric" == Eric S Johansson <esj at harvee.org> writes:
>
> Eric> Dave Cole wrote:
> >>> <al-input type="submit" nameexp="categorize" value="change
> >>> classification" >
> >> Try using nameexpr="categorize"
>
> Eric> bingo. that was it.
>
> >> It looks like it may be a good idea to check that input fields have
> >> a non-None name in the template interpreter...
>
> Eric> you have an interesting problem. How do you syntax check when
> Eric> you pass through all of the things that the manager keywords.
> Eric> Maybe we should start building a "safe-to-pass" dictionary?
>
> Rather than try to validate HTML all we do is look for the attributes
> that are important to Albatross. Validating HTML is a pretty big job.
Only "pretty big"? ;-)
The way Albatross only processes known attributes, passing through
unknown attributes untouched, is crucial to its success as a templating
engine. I have used (and discarded) a number of templating engines that
tamper with attributes or plain refuse to let them through ... that's so
annoying.
Cheers, Matt
--
Matt Goodall, Pollenation Internet Ltd
w: http://www.pollenation.net
e: matt at pollenation.net
More information about the Albatross-users
mailing list