Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

more HTML special char escaping needed? #9

Open
agroszer opened this issue Mar 26, 2019 · 3 comments
Open

more HTML special char escaping needed? #9

agroszer opened this issue Mar 26, 2019 · 3 comments

Comments

@agroszer
Copy link
Contributor

GetAttrColumn.renderCell, GetItemColumn.renderCell and I18nGetAttrColumn.renderCell might need escaping instead of just returning the plain value
@mgedmin
Copy link
Member

mgedmin commented Mar 26, 2019

I will sound like a broken record and suggest looking towards MarkupSafe as a long-term solution for the entire Zope ecosystem.

@sgeulette
Copy link
Contributor

Hello,
The last change concerning html escape is breaking functionality.
In some case, html not escaped is what we need.
I cannot do anymore a span or an img tag in a cell content.
I think it's preferable to do escaping in sub methods like getLinkContent by example but not in renderCell.
Another solution would be to add a class option to escape or not.
Regards

@mgedmin
Copy link
Member

mgedmin commented Sep 30, 2019

This is why I like MarkupSafe: the knowledge whether escaping is needed is tied to the actual data, not decided arbitrarily by some code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mgedmin @agroszer @sgeulette