[Zope] TaintedString, how is it determined, where ?
Wed, 7 May 2003 13:44:57 -0700
> I am playing with the html_quote function, trying to get it to quote ALL
> html entities, not just the basic ones cgi.escape() handles.
You don't need to do that if you're serving the content with the
correct character set.
> I've got that part working well enough, though I had to modify Zope code ...
> Is it possible to monkey patch (or in any other way modify) from a product a
> function (and not a class) ?
I've found, where there's a will there's a way, but you really don't
need to in this case.
> The problem I discovered is that only "tainted strings" are passed to
> html_quote. BUT what Zope determines to be "tainted" isn't "wide" enough
> for my needs. In my case, strings with latin-1 accents are not deemed
> "tainted", which means they don't get quoted by the code I have in place
> (Which would replace "é" with "é").
Why not just return the document with the charset header set to
> I could just write a new PythonScript or something like that to do it ...
> But since the architecture is allready in place to do it, I'd rather just
> modify that.
I'd advise against that, cgi.escape gets used a lot, there's no point
in making it more expensive than it needs to be.
Jamie Heilman http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who they appear to be, so take precaution."