Roundup Tracker - Issues

Message5350

Author jerrykan
Recipients ThomasAH, ber, ezio.melotti, jerrykan, r.david.murray, rouilj, schlatterbeck
Date 2015-08-10.12:35:56
Message-id <1439210157.15.0.276247778513.issue2550847@psf.upfronthosting.co.za>
In-reply-to
> All this escaping stuff is confusing. I am against allowing non-escaped
> output in user messages, so if people need them - they should be able
> to implement solution in template themselves.

If user wants to ability to return non-escaped output back to the client
via a detector I don't think we should be taking that option away from
them - there is a good reason why just about every
web-framework/templating language allows overriding HTML auto-escaping.

However, like those web-frameworks/templating languages the user should
have to explicitly state that they don't want the output to be escaped
and assume the responsibility to "not do unsafe things" that comes with
that ability.

Of all the options mentioned so far I think having a new Exception type
would be the cleanest implementation. Given that Reject is currently the
recommended Exception, I would suggest creating a new RejectRaw that
does not escape the output.

I am happy to put a patch together if there is some agreement around this.
History
Date User Action Args
2015-08-10 12:35:57jerrykansetmessageid: <1439210157.15.0.276247778513.issue2550847@psf.upfronthosting.co.za>
2015-08-10 12:35:57jerrykansetrecipients: + jerrykan, schlatterbeck, ber, rouilj, ThomasAH, ezio.melotti, r.david.murray
2015-08-10 12:35:57jerrykanlinkissue2550847 messages
2015-08-10 12:35:56jerrykancreate