Changeset - 4babc6e047d0
stable
0
1
0
templates/files: narrow down scope of webhelpers.html.literal
In the 'Show Authors' functionality on a file of a repository, the following
construct:
h.literal(ungettext('..A..') % (..B..))
can be simplified. Here, literal was used to cater for explicit HTML tags in
the (..B..) part only. There is no need to apply literal on the '..A..'
part.
A better structure of this code is:
h.HTML(ungettext('..A..')) % h.literal(..B..)
Note that we still need to wrap the '..A..' part in webhelpers.html.HTML to
make sure the '%' operator will preserve the 'literal' property.
See also the documentation: (the text below for 'literal' also applies to
'HTML')
https://docs.pylonsproject.org/projects/webhelpers/en/latest/modules/html/builder.html
"
When literal is used in a mixed expression containing both literals and
ordinary strings, it tries hard to escape the strings and return a
literal. However, this depends on which value has “control” of the
expression. literal seems to be able to take control with all
combinations of the + operator, but with % and join it must be on the
left side of the expression. So these all work:
"A" + literal("B")
literal(", ").join(["A", literal("B")])
literal("%s %s") % (16, literal("kg"))
But these return an ordinary string which is prone to double-escaping later:
"\n".join([literal('<span class="foo">Foo!</span>'), literal('Bar!')])
"%s %s" % (literal("16"), literal("<em>kg</em>"))
"
In the 'Show Authors' functionality on a file of a repository, the following
construct:
h.literal(ungettext('..A..') % (..B..))
can be simplified. Here, literal was used to cater for explicit HTML tags in
the (..B..) part only. There is no need to apply literal on the '..A..'
part.
A better structure of this code is:
h.HTML(ungettext('..A..')) % h.literal(..B..)
Note that we still need to wrap the '..A..' part in webhelpers.html.HTML to
make sure the '%' operator will preserve the 'literal' property.
See also the documentation: (the text below for 'literal' also applies to
'HTML')
https://docs.pylonsproject.org/projects/webhelpers/en/latest/modules/html/builder.html
"
When literal is used in a mixed expression containing both literals and
ordinary strings, it tries hard to escape the strings and return a
literal. However, this depends on which value has “control” of the
expression. literal seems to be able to take control with all
combinations of the + operator, but with % and join it must be on the
left side of the expression. So these all work:
"A" + literal("B")
literal(", ").join(["A", literal("B")])
literal("%s %s") % (16, literal("kg"))
But these return an ordinary string which is prone to double-escaping later:
"\n".join([literal('<span class="foo">Foo!</span>'), literal('Bar!')])
"%s %s" % (literal("16"), literal("<em>kg</em>"))
"
1 file changed with 1 insertions and 1 deletions:
0 comments (0 inline, 0 general)
0 comments (0 inline, 0 general)