On Thu, Jul 28, 2011 at 1:13 AM, Krishnakant Mane <[email protected]> wrote:
> On 28/07/11 12:26, Mike Orr wrote:
>>
>> On Wed, Jul 27, 2011 at 11:15 PM, Krishnakant Mane<[email protected]>
>>  wrote:
>>>
>>> Hello all.
>>> I have a requirement where a pylons action controller gets data from
>>> request.params["companyname"] and puts it into an xml file at the server
>>> side.
>>> it has many other fields but here I am just making things simple.
>>> Now my problem is that when a user enters special characters such as &, for
>>> example "mark & spencer", then the code fails.
>>> Obviously I think somewhere we need to convert this into cdata. Is there
>>> some way in which I can instruct the request to send the values in cdata?
>>
>> Where and how does it fail?
>>
>> CDATA is not a way to protect against markup crashes. It's just a bulk
>> quoting mechanism to avoid having to quote individual & < > in a chunk
>> of text. But Pylons should automatically quote all the data values in
>> your outgoing template, so you don't need CDATA. Unless perhaps you're
>> trying to embed Javascript in an HTML file and the quoting rules are
>> getting too complex; but the answer there is to put the Javascript in
>> a separate file.
>>
>> If you send a form to the user and they enter "mark & spencer" in a
>> text field, it should come back to you as a properly-formatted POST
>> document containing "mark&amp; spencer". WebOb will automatically
>> decode that to u"mark & spencer" for you. You put that in a template
>> variable (c.name => ${name}), and Pylons/Mako's default filter
>> should convert that to "mark&amp; spencer" in the output XML. If
>> that's not working, we need to know where exactly it's breaking down,
>> or what you're doing differently than this.
>>
>
>
>> A very unlikely possibility is that the browser is returning
>> misformatted POST input, which is choking WebOb. But I have never seen
>> a browser do that.
>>
>
> Yes, I have one thing different.
> The return is in a json object.
> I have @jsonify at the top of my action.
> So the organisation name gets processed that way.
> The problem also seems to be that when an ajax function is called to send the
> value back for processing, it must be doing something wrong.
> Let me explain the exact situation.
> In accounting, we have books maintained for every financial year.
> So first I choose an organisation name from the dropdown and an ajax
> request is sent to retrieve its financial year.
> So when I try doing this, I see that the entire application crashes.
> Secondly, I also have a strong doubt that when the organisation is deployed in
> the first place, the data might not be encoded properly, so when we retrieve
> the data back it's not in the proper format.
> So when I create a new organisation with the name Mark & spencer, I wonder if
> it's going in the right way inside request.params.
> I printed it to the terminal and it came right.
> But now when I have it in the dropdown it means c.name worked right.
> The problem only happens when I send that back for processing (meaning
> getting the financial year which was earlier saved for the selected
> organisation).
> Now the controller retrieves the exact financial year for the requested
> organisation.
> But the value of the requested organisation seems to get corrupt somewhere
> and so the retrieval mechanism fails.

JSON does not require escaping or CDATA. I looked at the source for
@jsonify and did a simple test:

Python 2.7.1+ (r271:86832, Apr 11 2011, 18:05:24)
[GCC 4.5.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import simplejson
>>> s = {u"name": u"Mark & Spencer"}
>>> simplejson.dumps(s)
'{"name": "Mark & Spencer"}'
>>> import sys
>>> sys.getdefaultencoding()
'ascii'

So it kept the "&", and converted the strings from unicode to str
using the default encoding. Pylons' default encoding is utf-8 but
@jsonify may not know that. That may be a missing feature in @jsonify.
You can set the default encoding in the 'dumps' call:
simplejson.dumps(s, encoding='latin1').

But if you don't know what encoding the data is in, or if it's a
different encoding than the database thinks it is, then it can be
tricky to extract the data. This is not a Pylons issue, it depends on
how Python and the database interact, and which database it is. You
know which record is causing the problem, so first try to view it in
the database's command-line tool. Then try to read it in a simple
Python program.

import sqlalchemy as sa
import sqlalchemy.orm as orm
import simplejson
import myapp.model as model

# Connect the same way the app does, then load the record you know is bad.
engine = sa.create_engine("postgresql:///me")
model.init_model(engine)
obj = model.ORMClass.get(1234)
# repr() shows whether the name came back as str (raw bytes) or unicode,
# and which bytes it actually holds.
print repr(obj.id)
print repr(obj.name)
# Then see whether JSON-encoding that exact value is what blows up.
print simplejson.dumps({"id": obj.id, "name": obj.name})

As an aside, to check whether the dropdown is correctly formatted,
you'd have to "view source" on the page and see whether the & is
"&amp;" or "&" in the HTML. Browsers will render a bare "&" as "&",
even though it's incorrect HTML and a sign of a potential security
risk in the application.

-- 
Mike Orr <[email protected]>
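As an added example (editor's code, not from the thread, and written in Python 3 where the thread used Python 2), this walks each hop the reply describes: the form-encoded POST that WebOb decodes into request.params, the template-side output escaping, the @jsonify output that keeps a bare "&", the corruption that appears when an Ajax call rebuilds the query string by concatenation instead of URL-encoding it, and the "view source" check for unescaped ampersands. The function names and the sample POST body are constructed; html.escape and urlencode stand in for the Mako default filter and the browser's form encoding.

```python
import html
import json
import re
from urllib.parse import parse_qs, urlencode

# Constructed sample: what the browser posts for a text field holding
# "Mark & Spencer" (form-urlencoded: space -> '+', '&' -> '%26').
POSTED_BODY = b"companyname=Mark+%26+Spencer&year=2011"


def decode_post_body(body, charset="utf-8"):
    """Decode a form-urlencoded body the way WebOb fills request.params:
    percent-decoding and '+' -> ' ', then bytes -> text in `charset`."""
    fields = parse_qs(body.decode(charset), keep_blank_values=True)
    return {k: v[0] for k, v in fields.items()}


def build_ajax_query(name):
    """Correct way for the Ajax call to send the name back: urlencode()
    turns '&' into '%26', so it cannot be read as a field separator."""
    return urlencode({"companyname": name})


def naive_ajax_query(name):
    """A plausible cause of 'the value gets corrupt somewhere': string
    concatenation leaves the '&' bare, and the server splits on it."""
    return "companyname=" + name


def render_option(name):
    """Template output: the default filter escapes & < > and quotes, so
    'Mark & Spencer' reaches the HTML as 'Mark &amp; Spencer'."""
    safe = html.escape(name, quote=True)
    return '<option value="%s">%s</option>' % (safe, safe)


def jsonify(payload):
    """The @jsonify path: JSON needs no HTML escaping, '&' stays as-is."""
    return json.dumps(payload)


# Matches '&' that does not start a named, decimal or hex character reference.
BARE_AMP = re.compile(r"&(?![A-Za-z][A-Za-z0-9]*;|#[0-9]+;|#[xX][0-9A-Fa-f]+;)")


def bare_ampersands(html_source):
    """The 'view source' check from the reply: offsets of any bare '&',
    i.e. values that reached the HTML without output escaping."""
    return [m.start() for m in BARE_AMP.finditer(html_source)]


if __name__ == "__main__":
    name = decode_post_body(POSTED_BODY)["companyname"]
    print(decode_post_body(naive_ajax_query(name).encode()))  # split on '&'
    print(bare_ampersands("<option>%s</option>" % name))       # [13]
```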

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss?hl=en.