[web2py] Re: GAE Cloud SQL local dev server problem

[Alexei Vinidiktov]

On Sat, Aug 4, 2012 at 1:56 PM, Alexei Vinidiktov <
alexei.vinidik...@gmail.com> wrote:

> Hello,
>
> I'm need hep figuring out how to set up a local GAE development server
> with MySQL.
>
> MySQL connection parameters are specified via App Launcher application
> settings: --mysql_user=root --mysql_password=xx --mysql_host=localhost
> --mysql_port=3306
>
> When I launch my web2py app with GAE Launcher on my local Windows box I
> get this erorr message:
>
> 
> ERROR2012-08-04 06:28:43,515 dal.py:5962] DEBUG: connect attempt 0,
> connection error:
> Traceback (most recent call last):
>   File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\dal.py", line
> 5955, in __init__
> self._adapter = ADAPTERS[self._dbname](*args)
>   File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\dal.py", line
> 3310, in __init__
> self.folder = folder or
> '$HOME/'+thread.folder.split('/applications/',1)[1]
> IndexError: list index out of range
> #
>
> What does the following line do?
>
> self.folder = folder or '$HOME/'+thread.folder.split('/applications/',1)[1]
>
> If I comment out "or '$HOME/'+thread.folder.split('/applications/',1)[1]"
> in DAL.py and relaunch the dev server, the application appears to be able
> to connect to MySQL but then I get a different error message:
>
> 
> INFO 2012-08-04 06:42:35,142 rdbms_mysqldb.py:102] Connecting to MySQL
> with kwargs {'passwd': 'xx', 'unix_socket': '', 'host': 'localhost',
> 'port': 3306, 'user': 'root'}
> ERROR2012-08-04 06:42:35,153 warnings.py:29]
> C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\dal.py:1386: Warning:
> Can't create database 'vocabilis'; database exists
>   ret = self.cursor.execute(*a, **b)
>
> ERROR2012-08-04 06:42:35,575 restricted.py:155] Traceback (most recent
> call last):
>   File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\main.py", line
> 510, in wsgibase
> session._try_store_in_db(request, response)
>   File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\globals.py", line
> 561, in _try_store_in_db
> record_id = table.insert(**dd)
>   File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\dal.py", line
> 6829, in insert
> return self._db._adapter.insert(self,self._listify(fields))
>   File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\dal.py", line 928,
> in insert
> raise e
> ProgrammingError: (1146, "Table 'vocabilis.web2py_session_vocabilis'
> doesn't exist")
> #
>
> The vocabilis database does exist. It was created earlier when I connected
> to MySQL from a non GAE environment.
>
> If I specify a different non-existent database in the connection string,
> then after relaunching the application vith the GAE Launcher I get this
> error message:
>
> ###
> INFO 2012-08-04 06:44:45,415 rdbms_mysqldb.py:102] Connecting to MySQL
> with kwargs {'passwd': 'xx', 'unix_socket': '', 'host': 'localhost',
> 'port': 3306, 'user': 'root'}
> ERROR2012-08-04 06:44:45,828 restricted.py:155] Traceback (most recent
> call last):
>   File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\main.py", line
> 510, in wsgibase
> session._try_store_in_db(request, response)
>   File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\globals.py", line
> 561, in _try_store_in_db
> record_id = table.insert(**dd)
>   File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\dal.py", line
> 6829, in insert
> return self._db._adapter.insert(self,self._listify(fields))
>   File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\dal.py", line 928,
> in insert
> raise e
> ProgrammingError: (1146, "Table 'vocabilis3.web2py_session_vocabilis'
> doesn't exist")
> ###
>
> So the application  appears to be unable to create the session table.
>
> I'm running Windows, Python 2.7, web2py 1.99.7, MySQL 5.5
>
>
>
I had a connection string with "migrate_enabled=False". I tried removing
it, then I got this error message:

###
ERROR2012-08-04 07:07:40,513 restricted.py:155] Traceback (most recent
call last):
  File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\restricted.py", line
205, in restricted
exec ccode in environment
  File 
"C:\Users\alexei\Dev\web2py\vocabilis.net\applications\vocabilis\models\db.py",
line 23, in 
session.connect(request, response, db = db)
  File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\globals.py", line
488, in connect
migrate=table_migrate,
  File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\dal.py", line 6320,
in define_table
polymodel=polymodel)
  File "C:\Users\alexei\Dev\web2py\vocabilis.net\gluon\dal.py", line 707,
in create_table
% (table._db._uri_hash, tablename))
  File "C:\Python27\lib\ntpath.py", line 96, in join
assert len(path) > 0
TypeError: object of type 'NoneType' has no len()
###


-- 
Alexei Vinidiktov

-- 

[web2py] Re: Centos 5 script for Nginx with Uwsgi and Web2py

[peter]

Thanks for this Alan. I will independently test and feedback, but imagine 
it will work for me too.
Peter

On Saturday, 4 August 2012 00:23:21 UTC+1, Alan Etkin wrote:
>
> Updated the script to:
>
> - Write port 443 admin password
> - Create welcome.w2p package (for solving admin create app feature error)
> - Patch Python2.7.3 code for sqlite3 issue before installing
>
> It was tested with a clean CentOS 5.8 vbox and is working. Needs 
> improvement: it stops a few times for user confirmation
>
> El jueves, 2 de agosto de 2012 13:16:18 UTC-3, peter escribió:
>>
>> Someone else has provided a script for centos 6. There are plenty of 
>> webservers out there based on centos 5 I believe because of its stability. 
>> So it is useful to have a script for Centos 5. Particularly as this seems 
>> to be the most tricky Linux for web2py because it uses and needs python 2.4
>> Massimo: it depends how long Alan will take to come up with a tested 
>> script for python 2.7. A working python2.6 script is better than an almost 
>> working 2.7 one.
>>
>>
>> Peter
>>
>> On Thursday, 2 August 2012 15:22:27 UTC+1, Alan Etkin wrote:
>>>
>>> > The script I attached in my previous email is your script but with 
>>> python set to be 2.6. I tested this and it works.
>>>
>>> My concern is that 2.7 is said to be the last supported 2.x version of 
>>> Python. I agree that testing in a raw install saves time and all kinds of 
>>> issues. I will deploy in a virtual machine and debug the script so I can 
>>> come back with a working one.
>>>
>>> Shouldn't we provide the working script for the lastest CentOS 
>>> distribution (which I supposse is not what we are using), instead of basing 
>>> in a previous one?
>>>
>>>

-- 

Re: [web2py] Re: strange response.flash

[Martin Weissenboeck]

Hi Anthony, thank you!

(1)  Restricted character for args - that is ok!

(2) ajax=True:

def flash6():
return dict(load=LOAD('default', 'flash6a.load', ajax=True))

def flash6a():
response.flash='hello there* äöü*'
return dict()

Same result, nothing to see.
But

def flash6():
return dict(load=LOAD('default', 'flash6a.load', ajax=True))

def flash6a():
response.flash='hello there'
return dict()

without umlaut works.

(3)* response.flash="Auswählen"* (German for "select") writes sometime
*"Ausw%C3%A4hlen*" and sometimes "*Auswählen*". Why?

Regards, Martin


2012/8/4 Anthony 

> This issue is not with response.flash but with request.args. The
> characters allowed in args are fairly restrictive -- here are the regexes
> used: http://code.google.com/p/web2py/source/browse/gluon/rewrite.py#51,
> http://code.google.com/p/web2py/source/browse/gluon/rewrite.py#575.
>
> In the LOAD() examples, try setting ajax=True and the flash should work.
>
> Anthony
>
>
>

-- 

[web2py] Copyright with current year in footer - automatic updating - suggestion.

[Rob_McC]

Still new to python and web2py - sure enjoying it,

I wonder if this is a good idea?
Automatic updating year of (c) notice of footer

i.e.
© 2012 Your Company Name

this is updated to the servers clock, automatically changes to 2013, when 
it is time.

*Notes:*

   1. I read it is better to use ©  rather than ©  just as the 
   Welcome app used
   2. I removed the 
   {{=T('Copyright')}}
   3. I think the form "© year Your Company Name" is commonly used  *(ref: 
   twitter.com and see Google's © notice on web2py google groups)*. There 
   is no standard format for (c) notices that I know of, and in most 
   jurisdiction, they are optional, as your work is protected from the time 
   you create it - but always a good idea to put on.
   4. I wasn't sure about the import statement or wether I should place a 
   variable somewhere else, or of there are any drawback of this technique.
   5. I like this because it is one less string to translate, and one less 
   thing to update each January. Sites with old  (c) notices look stale. 


*Editing file: *welcome/views/layout.html
*
*
  

  
{{block footer}} 

  
  ©
{{
# adds current year, no updating necessary
import datetime
now = datetime.datetime.now()
=" %d" % now.year
}}
  Your Company Name  
  
 
   
  
http://www.web2py.com/";>


  

{{end}} 
  

  

-- 

Re: [web2py] Copyright with current year in footer - automatic updating - suggestion.

[Jonathan Lundell]

On 4 Aug 2012, at 7:48 AM, Rob_McC  wrote:
> Still new to python and web2py - sure enjoying it,
> 
> I wonder if this is a good idea?

Using © seems like a good idea, just on i18n grounds. Where did you see © 
preferred? Sounds like advice for really old browsers (using IE4, anyone?). 

I question whether it's worth adding this overhead to every request. How likely 
is it that a design will not be refreshed for enough years to be out of date 
(and in such a case, an old copyright date is probably appropriate).

Finally, there's a legal argument for leaving it alone. The © date is the date 
of first publication, not necessarily the date of the last edit.

And a minor issue: with the server and client in different timezones, this 
logic will show © 2013 for as much as a day at the end of 2012. Easy enough to 
fix (subtract a day, or a month, from now()), but still, it seems to me that 
the best approach is to leave the year static and arrange so that it can be 
updated in one place as appropriate.


> Automatic updating year of (c) notice of footer
> 
> i.e.
> © 2012 Your Company Name
> 
> this is updated to the servers clock, automatically changes to 2013, when it 
> is time.
> 
> Notes:
> I read it is better to use ©  rather than ©  just as the Welcome 
> app used
> I removed the 
> {{=T('Copyright')}}
> I think the form "© year Your Company Name" is commonly used  (ref: 
> twitter.com and see Google's © notice on web2py google groups). There is no 
> standard format for (c) notices that I know of, and in most jurisdiction, 
> they are optional, as your work is protected from the time you create it - 
> but always a good idea to put on.
> I wasn't sure about the import statement or wether I should place a variable 
> somewhere else, or of there are any drawback of this technique.
> I like this because it is one less string to translate, and one less thing to 
> update each January. Sites with old  (c) notices look stale. 
> 
> Editing file: welcome/views/layout.html
> 
>   
> 
>   
> {{block footer}} 
> 
>   
>   ©
> {{
> # adds current year, no updating necessary
> import datetime
> now = datetime.datetime.now()
> =" %d" % now.year
> }}
>   Your Company Name  
>   
>  
>
>   
> http://www.web2py.com/";>
>  src="{{=URL('static','images/poweredby.png')}}"/>
> 
>   
> 
> {{end}} 
>   
> 
>   
> 
> 
> -- 
>  
>  
>  


-- 

Re: [web2py] Re: strange response.flash

[Anthony]

I see. I think the problem is only with response.flash within Ajax 
components. The message is escaped on the server via urllib2.quote, and 
then decoded in the browser via decodeURIComponent (see source 
code
):

jQuery('.flash').html(decodeURIComponent(flash)).slideDown();

The problem is that if there are any ascii encodings in flash, 
decodeURIComponent seems to expect a valid URI and throws an error 
otherwise, which is what is happening when the unicode characters are 
included. A previous version of web2py.js did the escaping in Javascript on 
the client side, but with the same effect.

A fix might be to use xmlescape() to do any escaping on the server side 
(which is effectively the same as the escaping of a regular flash message), 
and then don't do any escaping or decoding on the client side -- so the 
above line would change to:

jQuery('.flash').html(flash).slideDown();

To do the server-side escaping, I think we can change line 
552in main.py 
from:

urllib2.quote(str(response.flash).replace('\n',''))

to:

xmlescape(response.flash).replace('\n','')

(Would also have to import xmlescape from html.py.)

Anthony

-- 

Re: [web2py] Copyright with current year in footer - automatic updating - suggestion.

[Rob_McC]

Thanks for insight...

*Q: Where did you see © preferred?*
>Ref: http://www.copyrightauthority.com/copyright-symbol/
*"However,... always use the  number code instead of the symbol code 
©"*
(after examining the site, maybe not an authority? :)

Comment:
*>Finally, there's a legal argument for leaving it alone. The © date is the 
date of first publication, not necessarily the date of the last edit.*
. I know what you mean. I remember Micro$oft using a range of dates on 
software  (c) Microsoft 1996-2003  
  but, as I mentioned, notice is optional (at least in Can and USA) - and 
one would have to proof the date of creation if challenged.

*>I question whether it's worth adding this overhead to every request*
. I think I'll just hard code it, as I hope to have a very busy site 
someday.

Thanks
~Rob

>
>

-- 

Re: [web2py] Copyright with current year in footer - automatic updating - suggestion.

[Jonathan Lundell]

On 4 Aug 2012, at 9:04 AM, Rob_McC  wrote:
> Thanks for insight...
> 
> Q: Where did you see © preferred?
> >Ref: http://www.copyrightauthority.com/copyright-symbol/
> "However,... always use the  number code instead of the symbol code 
> ©"
> (after examining the site, maybe not an authority? :)

I think that site is pretty good, but that specific advice is perhaps a little 
stale. My rationale for sticking with © is just for readability—and that's 
not a terribly strong argument, since it's fairly clear from context what 
© must be...

> Comment:
> >Finally, there's a legal argument for leaving it alone. The © date is the 
> >date of first publication, not necessarily the date of the last edit.
> . I know what you mean. I remember Micro$oft using a range of dates on 
> software  (c) Microsoft 1996-2003  
>   but, as I mentioned, notice is optional (at least in Can and USA) - and one 
> would have to proof the date of creation if challenged.
> 
> >I question whether it's worth adding this overhead to every request
> . I think I'll just hard code it, as I hope to have a very busy site someday.
> 


-- 

[web2py] Re: Centos 5 script for Nginx with Uwsgi and Web2py

[peter]

Script tested and working. Thanks Alan
Peter


On Saturday, 4 August 2012 10:50:45 UTC+1, peter wrote:
>
> Thanks for this Alan. I will independently test and feedback, but imagine 
> it will work for me too.
> Peter
>
> On Saturday, 4 August 2012 00:23:21 UTC+1, Alan Etkin wrote:
>>
>> Updated the script to:
>>
>> - Write port 443 admin password
>> - Create welcome.w2p package (for solving admin create app feature error)
>> - Patch Python2.7.3 code for sqlite3 issue before installing
>>
>> It was tested with a clean CentOS 5.8 vbox and is working. Needs 
>> improvement: it stops a few times for user confirmation
>>
>> El jueves, 2 de agosto de 2012 13:16:18 UTC-3, peter escribió:
>>>
>>> Someone else has provided a script for centos 6. There are plenty of 
>>> webservers out there based on centos 5 I believe because of its stability. 
>>> So it is useful to have a script for Centos 5. Particularly as this seems 
>>> to be the most tricky Linux for web2py because it uses and needs python 2.4
>>> Massimo: it depends how long Alan will take to come up with a tested 
>>> script for python 2.7. A working python2.6 script is better than an almost 
>>> working 2.7 one.
>>>
>>>
>>> Peter
>>>
>>> On Thursday, 2 August 2012 15:22:27 UTC+1, Alan Etkin wrote:

 > The script I attached in my previous email is your script but with 
 python set to be 2.6. I tested this and it works.

 My concern is that 2.7 is said to be the last supported 2.x version of 
 Python. I agree that testing in a raw install saves time and all kinds of 
 issues. I will deploy in a virtual machine and debug the script so I can 
 come back with a working one.

 Shouldn't we provide the working script for the lastest CentOS 
 distribution (which I supposse is not what we are using), instead of 
 basing 
 in a previous one?



-- 

Re: [web2py] Copyright with current year in footer - automatic updating - suggestion.

[Alec Taylor]

On a slightly unrelated note, can we update the copyright all over
web2py.com and the layout.html that is shipped with newer web2py versions
to 2012?

On Sun, Aug 5, 2012 at 2:17 AM, Jonathan Lundell  wrote:

> On 4 Aug 2012, at 9:04 AM, Rob_McC  wrote:
>
> Thanks for insight...
>
> *Q: Where did you see © preferred?*
> >Ref: http://www.copyrightauthority.com/copyright-symbol/
> *"However,... always use the  number code instead of the symbol code
> ©"*
> (after examining the site, maybe not an authority? :)
>
>
> I think that site is pretty good, but that specific advice is perhaps a
> little stale. My rationale for sticking with © is just for
> readability—and that's not a terribly strong argument, since it's fairly
> clear from context what © must be...
>
> Comment:
> *>Finally, there's a legal argument for leaving it alone. The © date is
> the date of first publication, not necessarily the date of the last edit.*
> . I know what you mean. I remember Micro$oft using a range of dates on
> software  (c) Microsoft 1996-2003
>   but, as I mentioned, notice is optional (at least in Can and USA) - and
> one would have to proof the date of creation if challenged.
>
> *>I question whether it's worth adding this overhead to every request*
> . I think I'll just hard code it, as I hope to have a very busy site
> someday.
>
>
>
>  --
>
>
>
>

-- 

[web2py] Re: Simple Translatable FAQ pages - what approach?

[Alan Etkin]

If you want to use crud with the questions you could even store them in a 
table

Then you can do for example. Consider also using markmin for the responses

{{for faq in db(db.faq).select():}}
  {{ =H3(T(faq.question))}}
  ...
  {{=DIV(T(faq.answer))}}
  ...
{{pass}}



El viernes, 3 de agosto de 2012 10:08:47 UTC-3, Rob_McC escribió:
>
> My app needs a very simple FAQ page (in many languages),
>  maybe only 12 Questions, I know code, so I can add/edit/delete questions 
> in web2py views.
>
> This appears to be the simplest way to do this.
> I use the "~" to group the questions while editing  i.e:
> /admin/default/edit_language/PublicProfile/languages/it.py
> (otherwise the order is alphabetical)
>
> *Question:
> *Is this a good approach for simple FAQ pages on a web2py app?
>
> Thanks for help  
>  ~Rob
>
> Sample Code:
>
> {{extend 'layout.html'}}
> This is the default/faq.html template
>
> 
> {{=T('~ Is the application free?')}}
> {{=T('~ Yes, it is completely free.')}}
>
> 
> {{=T('~ Will the application always be free?')}}
> {{=T('~ Yes, there will always be a free version.')}}
>
>
> *Note:
> *I did read about flatpages plugin, but that looks like way more than I 
> need?
>
>

-- 

Re: [web2py] Re: strange response.flash

[Martin Weissenboeck]

I have tried
xmlescape(response.flash).replace('\n','')
Yes, this solves the problems. Would be nice to have it in trunk.

Thank you!

2012/8/4 Anthony 

> I see. I think the problem is only with response.flash within Ajax
> components. The message is escaped on the server via urllib2.quote, and
> then decoded in the browser via decodeURIComponent (see source 
> code
> ):
>
> jQuery('.flash').html(decodeURIComponent(flash)).slideDown();
>
> The problem is that if there are any ascii encodings in flash,
> decodeURIComponent seems to expect a valid URI and throws an error
> otherwise, which is what is happening when the unicode characters are
> included. A previous version of web2py.js did the escaping in Javascript on
> the client side, but with the same effect.
>
> A fix might be to use xmlescape() to do any escaping on the server side
> (which is effectively the same as the escaping of a regular flash message),
> and then don't do any escaping or decoding on the client side -- so the
> above line would change to:
>
> jQuery('.flash').html(flash).slideDown();
>
> To do the server-side escaping, I think we can change line 
> 552in 
> main.py from:
>
> urllib2.quote(str(response.flash).replace('\n',''))
>
> to:
>
> xmlescape(response.flash).replace('\n','')
>
> (Would also have to import xmlescape from html.py.)
>
> Anthony
>
>

-- 

[web2py] Re: Centos 5 script for Nginx with Uwsgi and Web2py

[Massimo Di Pierro]

I have limited connectivity until tomorrow. If you have something to go in 
trunk please open an issue so it does not get lost.

-- 

[web2py] Re: New Plugin to add client side validation to your SQLFORM

[Franco]

Sorry for the delayed response.
Basically overrides SQLFORM default widgets with my own widgets.
That's all, sorry if my explanation is shallow, but i don't know how to 
explain me in english.
The sourcecode is quite simple maybe another example could help?

El martes, 24 de julio de 2012 15:44:55 UTC-3, Massimo Di Pierro escribió:
>
> Can you tell us more about how it works?
>
> On Tuesday, 24 July 2012 09:38:51 UTC-5, Franco wrote:
>>
>>
>> 
>>
>> Greetings everyone. I want to share with you this plugin, it's based on 
>> jquery-validation-engine plugin.
>>
>> It's easy to use, your only need to replace SQLFORM with JsSQLFORM and 
>> that's it.
>>
>> At this moment only supports 7 validators 
>> (IS_NOT_EMPTY, IS_EMAIL, IS_URL, IS_DATE, IS_LENGTH, IS_INT_IN_RANGE, 
>> IS_FLOAT_IN_RANGE).
>>
>>
>> Here are some examples of use:
>> def validation():
>>
>>
>>
>> from plugin_ValidationEngine import JsSQLFORM
>>
>> f = JsSQLFORM.factory(
>>
>> Field('nombre', requires = [IS_NOT_EMPTY(), IS_LENGTH(20, 3)],label 
>> = 'Nombre'),
>>
>> Field('apellido', requires = IS_NOT_EMPTY(), label = 'Apellido'),
>>
>> Field('cuit', requires = IS_LENGTH(12, 12), label = 'Cuit'),
>>
>> Field('edad', requires = IS_INT_IN_RANGE(18, 65), label = 'Edad'
>> ),
>>
>> Field('importe', requires = IS_FLOAT_IN_RANGE(1, .99), label 
>> = 'Importe')
>>
>> )
>>
>> if f.accepts(request, session):
>>
>> response.flash = 'Ok'
>>
>> else:
>>
>> response.flash = 'Bad'
>>
>> return dict(form = f)
>>
>>
>>
>>
>> def validation2():
>>
>> from plugin_ValidationEngine import JsSQLFORM
>>
>> f = JsSQLFORM(db.test)
>>
>> if f.accepts(request, session):
>>
>> response.flash = 'Ok'
>>
>> else:
>>
>> response.flash = 'Bad'
>>
>> return dict(form = f)
>>
>>
>>
>>
>>
>>
>>
>>

-- 

[web2py] Re: Simple Translatable FAQ pages - what approach?

[Rob_McC]

Alan:

. Thanks very much.

. I didn't know that was an option.

. I tried it and it works perfectly.

. I added this to my *db.py* file, field 'arrange' is to order the 
questions - I just enter an integer to sort.

db.define_table('faq',Field('question','string'),Field('answer','string'),
Field('arrange','integer'))


. in the *VIEW* *default/faq.html* file

{{for faq in db(db.faq).select(orderby = db.faq.arrange):}}
  {{ =H3(T(faq.question))}}

  ...
  {{=DIV(T(faq.answer))}}
  ...
{{pass}}


. I know now to push button "update all languages"  - so the faq will be 
interred intro the language files.

. So, now all I have to figure out is to allow only the user "admin" to be 
able to update the faq,--  now any user can.

Thanks again

~Rob


-- 

[web2py] Re: Simple Translatable FAQ pages - what approach?

[pbreit]

For 12 questions to keep it very simple, I'd just write them in straight 
HTML.

-- 

Re: [web2py] Re: strange response.flash

[Anthony]

On Saturday, August 4, 2012 7:00:18 PM UTC-4, dbdeveloper wrote:
>
>  I do not understand what the problem with decodeURIComponent()?
>

When I tried trunk, I think there was a problem with the encoding of my 
controller file (ANSI instead of UTF-8) -- in that case, I guess 
urllib2.quote didn't yield the correct output for decodeURIComponent (same 
problem in the earlier version, when the escaping was done on the client 
side via the Javascript escape() function). Now it works.

In any case, a remaining issue is that there's still no escaping of 
potentially dangerous content in the flash message. Everything written to 
HTML by web2py is typically escaped, including regular flash messages. The 
only content that isn't getting escaped are flash messages for Ajax 
components. To be consistent (and safe), we should probably escape those 
messages as well (you can always put them in an XML() if you don't want 
them escaped, as with any template content). In main.py, I replaced:

urllib2.quote(str(response.flash).replace('\n',''))

with:

urllib2.quote(xmlescape(response.flash).replace('\n',''))

With that change, the flash message still looks fine (see screenshot below).

Anthony




 

--