For the most part we'd only want to accept "safe" HTML, but it is
certainly conceivable to need something more open/flexible/etc. It
might be good to have two service defs (both can call the same service
impl), with names to denote the difference, ie a suffix of "SafeHtml"
and "AnyText" for the other.
As for storing JSON strings... it sounds a bit odd. The Content stuff
is really meant for content that is written and read by humans. I do
agree the above change would be good, but perhaps there is also a
better place to store your JSON strings (ie it sounds a little bit
"hackish"... ;) ).
-David
On Feb 23, 2009, at 10:20 PM, Al Byers wrote:
I am storing a very large JSON string in the database using the CMS.
Am I
right in understanding that because the createTextContent service
does not
have an "allowHtml" attribute on the textData field set to "none"
that in
ModelService.validate method it is the
StringUtil.checkStringForHtmlStrictNone call that is encoding the
double
quotes that are in the string?
What would setting allowHtml to "safe" do? Still encode?
If this is the case, do we have any options other than writing
different
versions of content persisting services to handle the case where we
do not
want encoding to happen?
-Al
