On Wed, Mar 7, 2012 at 12:11 AM, Jonathan Swartz <swa...@pobox.com> wrote:

> I hear your concerns. So I'm not sure which of these you are suggesting:
> 1) Substitution tags should be HTML-escaped by default in Mason.

This one would be my choice *if* Mason was used only for the web.

> 2) DefaultFilter should be implemented and documented in core Mason, so that
> it doesn't require a separate plugin install.

I think this should happen either way. Maybe not move into the core, but at least document it, and remove the big scary CAVEAT section from the DefaultFilter docs (I know it's not your module, but I think if you suggested it to Stephen he would agree).

> #1 is hard to do because Mason is supposed to be content-type agnostic -
> usable for HTML generation but also other kinds of content generation.

<braindump>

OTOH, Mason is mainly used to generate HTML, and I really don't like "insecure by default" situations.

I truly understand that Mason is used to generate other types of content; I use it to generate text parts of mail messages and JSON responses. Understand that I'm raising the concern, I don't claim to have a perfect answer for this.

Part of me would like more magical behavior based on the output mime/type. If Mason knows the mime/type it is generating, it could pick saner choices for some of its defaults, like the default filters for substitution tags. But this might seem a bit too magical.

The previous paragraph, and the fact that we can't target components to specific HTTP methods (like Dave mentioned in the GET/POST parameters thread), argue that the Mason dispatcher is a bit too limited. I have mixed feelings about it. On one hand I like that it's simple: just drop files into a directory and you are done. On the other, if we could add route filters for HTTP method, mime/type and/or others, we could tweak the defaults for each request, and provide saner HTTP error codes. A valid response is "just don't use the Mason dispatcher if you need that stuff".

</braindump>

Thanks,
--
Pedro Melo
@pedromelo
http://www.simplicidade.org/
http://about.me/melo
xmpp:m...@simplicidade.org
mailto:m...@simplicidade.org
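
Added example, not part of the original message and not Mason code: a toy renderer in Perl that illustrates the idea raised in the message above, picking the default filter for substitution tags from the output content type. The filter table, the `render` function and the `| n` opt-out flag are assumptions made for this illustration only.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use JSON::PP ();

# Toy renderer (hypothetical, not Mason's API).
# "<% name %>"     substitutes a variable through the default filter
#                  registered for the output content type.
# "<% name | n %>" is an explicit, greppable opt-out for trusted markup.

sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Emit the value as a complete JSON string literal, quotes included.
sub json_string { return JSON::PP->new->allow_nonref->encode($_[0]) }

my %DEFAULT_FILTER = (
    'text/html'        => \&html_escape,
    'application/json' => \&json_string,
    'text/plain'       => sub { $_[0] },   # nothing to escape
);

sub render {
    my ($template, $content_type, %vars) = @_;
    # Fail closed: an unregistered content type is an error, not "no filter".
    my $default = $DEFAULT_FILTER{$content_type}
        or die "no default filter registered for $content_type\n";
    $template =~ s{<%\s*(\w+)\s*(\|\s*n\s*)?%>}{
        my $value = $vars{$1} // '';
        defined $2 ? $value : $default->($value);
    }ge;
    return $template;
}

# Constructed sample input containing characters special to HTML and JSON.
my %vars = (name => q{Tom & <b>"Jerry"</b>});

print render(q{<p>Hello <% name %></p>},      'text/html',        %vars), "\n";
print render(q{<p>Hello <% name | n %></p>},  'text/html',        %vars), "\n";
print render(q{Hello <% name %>},             'text/plain',       %vars), "\n";
print render(q{{"name": <% name %>}},         'application/json', %vars), "\n";
```

The same template variable comes out escaped for HTML, untouched for plain text and quoted for JSON, while the unescaped HTML case has to be requested explicitly per tag.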