On 28/06/12 16:32, Alex Ogier wrote:
> That's an HTML-safe replacement of the str.format() method, so far as
> I can tell (except that all parameters must be [safe-]strings). That
> allows more idiomatic python, and won't require awkward shims in
> python 3, but it would mean that you can't directly translate %
> interpolations. I think that's a good tradeoff.

Yeah, I think it makes sense to move to str.format at this point. It also helps ensure that, if you are switching code, you don't accidentally pass a string that is already %-interpolated:

    html_fragment("Some stuff %s" % data)

As for the name, I'm not convinced by html_mark_safe - to my mind that implies an HTML version of 'mark_safe', which doesn't make sense - you should only be using 'mark_safe' on html anyway.

Jeremy wrote:
> I like the general approach, but I miss the security-minded names of
> "escape" and "mark safe". Maybe "safe_html_fragment" or
> "make_safe_html_fragment"? Getting annoyingly long, I know.
>
> (Apologies if this feels bike shedding)

No problem with bike-shedding - that's why I asked the question.

My response would be that the name 'Template' also doesn't imply anything about security, but function. The same is true here - 'html_fragment' is for building HTML fragments. Of course it is secure! Why would we call it that if it wasn't fit for purpose? :-)

Actually my main objection is that it's a bit long, the above is just rationalisation. Some other alternatives:

build_html, build_html_safe, format_html

Luke

--
Parenthetical remarks (however relevant) are unnecessary

Luke Plant || http://lukeplant.me.uk/
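
Added example, not part of the thread and not Django's code: a minimal str.format()-based helper of the kind being discussed, showing why a string that was %-interpolated before the call bypasses escaping. The implementation of html_fragment, the SafeHTML marker class and the sample data are assumptions made for illustration.

```python
import html


class SafeHTML(str):
    """Hypothetical marker type: text that is already safe to emit as HTML."""


def html_fragment(template, *args, **kwargs):
    """Build an HTML fragment with str.format().

    The template is trusted markup; every argument is escaped unless it is
    already SafeHTML (for example the result of another html_fragment call).
    """
    def esc(value):
        if isinstance(value, SafeHTML):
            return value
        return html.escape(str(value), quote=True)

    safe_args = [esc(a) for a in args]
    safe_kwargs = {k: esc(v) for k, v in kwargs.items()}
    return SafeHTML(template.format(*safe_args, **safe_kwargs))


# Constructed sample standing in for untrusted input.
data = "<script>alert(1)</script>"


def correct_use():
    # Data travels as an argument, so the helper escapes it.
    return html_fragment("<b>Some stuff {0}</b>", data)


def preinterpolated_misuse():
    # The mistake from the message: data is merged with % before the helper
    # sees it, so it arrives inside the trusted template and is not escaped.
    return html_fragment("<b>Some stuff %s</b>" % data)


def nested_fragments():
    # A fragment passed as an argument is not escaped a second time.
    inner = html_fragment("<i>{0}</i>", data)
    return html_fragment("<p>{0}</p>", inner)


if __name__ == "__main__":
    print(correct_use())
    print(preinterpolated_misuse())
    print(nested_fragments())
```

A code search for calls whose first argument contains the `%` operator is a quick way to find the misuse pattern during a migration.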