Steve Holden wrote:
> Robin Becker wrote:
>> Tim van der Leeuw wrote:
>>> On Fri, Feb 22, 2008 at 5:17 PM, Robin Becker <[EMAIL PROTECTED]> wrote:
>>>
>>>> A colleague has decided to keep his django database string values (which
>>>> are xml fragments) in an xml escaped form to avoid having the problem of
>>>> escaping them when they are used in templates etc etc.
>>>>
>>>> Unfortunately he found that the normal admin doesn't escape on the way
>>>> through so thought of adding a standard mechanism to the save methods.
>>>> However, this brings in the possibility of escaping twice ie once in his
>>>> original capture code and then in the django save methods.
>>>>
>>> Well -- you escape them in the save() method only when they contain XML
>>> characters like <, > ? How about that, wouldn't that work?
>>>
>>> --Tim
>>>
>> ......
>> That might work, but there are all the ampersands etc etc to consider as
>> well.
>> So an escaped string could contain &, but so can a raw string.
>
> by the way, be careful - the Django trunk is already modified to perform
> escaping by default, so if your colleague is using 0.96 or older he
> should really look at the implications of that change on his design
> decision. Storing XML in escaped form is always dodgy, much better to
> escape when necessary (and when some other tool isn't doing it for you).
> that is, after all, the canonical form.
>
> regards
> Steve

I agree wholeheartedly, I would prefer raw in the db. Since we're scraping for
some of the content it's hard to eliminate all xml though.
--
Robin Becker
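
An added example, not part of the thread: the double-escaping and ambiguity problems discussed above, next to the store-raw, escape-once-on-output approach. It uses the standard library's `xml.sax.saxutils`; the function names and sample strings are constructed for illustration.

```python
from xml.sax.saxutils import escape, unescape


def escape_if_markup(value):
    # Heuristic suggested in the thread: escape only if '<' or '>' is present.
    return escape(value) if ("<" in value or ">" in value) else value


def save_always(value):
    # Unconditional escaping in save(); wrong if the capture code already escaped.
    return escape(value)


def normalise_then_escape(value):
    # Tempting "idempotent" workaround: unescape first, then escape.
    return escape(unescape(value))


def render(raw_value):
    # Raw in the database, escaped exactly once at the output boundary.
    return escape(raw_value)


# Constructed sample values.
RAW = "AT&T <b>rates</b>"
RAW_WITH_ENTITY_TEXT = "type &amp; to get an ampersand"  # raw text, not escaped
AMP_ONLY = "AT&T"


def demo():
    once = escape(RAW)
    return {
        "once": once,
        # Capture code escaped, then save() escaped again.
        "twice": save_always(once),
        # No '<' or '>', so the bare '&' is stored unescaped.
        "heuristic_on_amp": escape_if_markup(AMP_ONLY),
        # Raw text that merely looks escaped is silently altered.
        "normalised_raw": unescape(normalise_then_escape(RAW_WITH_ENTITY_TEXT)),
        # Escaping once at output round-trips every input.
        "rendered_roundtrip": unescape(render(RAW_WITH_ENTITY_TEXT)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The stored string alone cannot say whether `&amp;` is an escaped ampersand or raw text, which is why the raw value is the only form that survives every path unchanged.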