[Zope-dev] Stripogram or similar in core

Andy andy@agmweb.ca
Sun, 28 Oct 2001 14:55:35 -0800


> You seem to be aware of the fact, but I'd like to point it out
> explicitly: from a security point of view, this is completely useless.
> As HTML stripping is often done for security reasons, I fail to see the
> interest in such a feature.


That depends where you do the checking. Yes, HTML validation in just a form
is not as secure as checking at the application level. What I am suggesting
is adding the HTML validation framework into the core of Zope so people can
add checking to any level of their application as they wish. Making a
standard interface to this gives the developer a chance to put the checking
in at the level they choose.

For example, OFS.PropertyManager in standard Zope, or parts of, say, the
Workflow in CMF. Form marshalling is just one of the possible uses...
--
  Andy McKay