Simon Willison wrote:
> 
> 
> On 21 Nov 2005, at 02:08, Robert Wittams wrote:
> 
>> from django.core import input
>>
>> a = request.GET.get('a', 0).as(input.int)
>> a_list = request.GET.get_list('a', 0).as(input.int)
> 
> 
> That syntax looks pretty smart to me. It's definitely extensible - it
> would be trivial to define your own input filter object and pass it to
> the 'as' function.
> 
> To make sure 0 can be returned if the filtering fails it would have to
> be stored in a property of the intermediate object.
> 

How about this: to get at the raw string, you have to do this:

from django.core.input import dangerous

a = request.GET.get('a',0).as(dangerous.raw_string)

This way it should be staring you in the face which parts to pay
attention to, and also be easy to grep for. Also it allows for other
"dangerous" input options in future.

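The design discussed in this thread, as an added sketch that is not part of the original messages and not Django code: request values come back as an intermediate object that stores the default, a filter must be named to obtain a value, and the unfiltered string is reachable only through `dangerous.raw_string`. The names `InputValue`, `QueryDict`, `as_` (Python now reserves `as`) and `find_dangerous_uses` are assumptions, and the builtin `int` stands in for the proposed `input.int`.

```python
import re
from types import SimpleNamespace

# Hypothetical stand-in for the proposed django.core.input.dangerous module.
dangerous = SimpleNamespace(raw_string=lambda raw: raw)


class InputValue:
    """Intermediate object: carries the raw value and the default, exposes neither."""

    __slots__ = ("_raw", "_default")

    def __init__(self, raw, default):
        self._raw = raw
        self._default = default

    def as_(self, input_filter):
        # `as` is a reserved word in current Python, so this sketch uses `as_`.
        if self._raw is None:
            return self._default
        try:
            return input_filter(self._raw)
        except (TypeError, ValueError):
            return self._default  # filtering failed: return the stored default


class QueryDict:
    """Minimal request.GET stand-in: get() never returns a bare string."""

    def __init__(self, data):
        self._data = dict(data)

    def get(self, key, default=None):
        return InputValue(self._data.get(key), default)


# Unfiltered access is spelled out in the source, so a plain pattern match finds it.
DANGEROUS_USE = re.compile(r"\.as_\(\s*dangerous\.\w+")


def find_dangerous_uses(source):
    """Return 1-based line numbers where a dangerous.* filter is requested."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if DANGEROUS_USE.search(line)]


# Constructed sample view code for the audit helper.
SAMPLE_VIEW = '''page = request.GET.get("page", 1).as_(int)
note = request.GET.get("note", "").as_(dangerous.raw_string)
'''
```
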