>me. I *really* like having the default request.GET['foo'] return a >"safe" object... but the as_* methods kinda weird me out. I'd have >to play with it, but perhaps GET.__getitem__ could return a string >subclass that acted "safe" unless cast to an "unsafe" object explicitly?
Should be easily doable: GET.__getitem__ would just have to return an object of a class that implements __str__ as a function that does heavy safekeeping and would add a bunch of other functions that would convert to the right result. That way you would have to do GET['foo'].unsafe_str() to get at the underlying unsafe string stuff. I would only provide _one_ conversion function though: GET['foo']._for(EmailField) for example could just return a string that's suiteable for usage in an EmailField. That way you can define the actual conversion functions as class methods on the field classes, so that the system is easily extensible. These class methods could do some input field sanitizing as it would be needed for them (like a HTMLField could keep HTML tags, while the default __str__ conversion would throw out HTML tags?). I don't think that we really would need as_float or as_int conversions, we better just use the default __int__ and __float__ and friends. The "safe GET result" should mostly behave as a standard python object, only for special cases like email or safe HTML or unsafe HTML it should have extra syntax. bye, Georg
