If this is of use to anyone, I've ended up with the following
solution:

<td>{{
                for line in (row.basic.comments or ' ').splitlines():
                =P(line,_class='tablepara')
                pass
        }}</td>

Having multiple paragraphs like this enables CSS (such as indenting)
to be applied to each one.  The "or ' '" part is needed for rows where
basic.comments is null in the database.

Eddie

On Jun 16, 2:50 am, Eddie Eyles <ho...@heddonsgate.co.uk> wrote:
> Thanks one and all for your suggestions - very useful.
> I'm not especially happy with the way sanitizer.sanitize behaves:
> * if you pass it <br> tags, it gives you <br/> tags [i.e. with no
> space before the /], which, although not illegal, are discouraged as
> against <br /> [with a space], for compatibility with older browsers;
> * if you pass it <br /> tags [i.e. with a space], it also gives you
> <br/> tags [with no space];
> * if you pass it <br/> tags [i.e. with no space], it gives you the
> gobbledegook, for example:
>      Hello Eddie<br/>Hello Martinhoe<br/>Hello World becomes:
>      Hello Eddie<br/>&gt;Hello Martinhoe&lt;br</br>&gt;Hello World
>
> Does this mean there are problems with sanitize here?
>
> Eddie
>
> On Jun 15, 7:00 am, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > Yes, this is what you want:
>
> > <td>{{=XML(row.basic.comments.replace('\n','<br>'),sanitize=True)}}</td>
>
> > <br> is deprecated and it should be <br />, sanitize fixes it for you.
>
> > You can also be more explicit
>
> > <td>{{=XML(row.basic.comments.replace('\n','<br>'),permitted_tags=['br/'],sanitize=True)}}</td>
>
> > so that only <br /> is un-escaped.
>
> > Massimo
>
> > On Jun 14, 8:56 pm, Eddie Eyles <ho...@heddonsgate.co.uk> wrote:
>
> > > I'm retrieving data that may contain carriage returns, and I want to
> > > display this with these line breaks intact, i.e. I need to put either
> > > a '<br/>' or an HTML block element closure/opening in place of each
> > > carriage return.  I have tried the following in the view:
>
> > > <td>{{=row.basic.comments.replace('\n','<br/>')}}</td>
> > > -- this outputs '&lt;br/&gt;' instead of '<br/>', as you would expect
>
> > > <td>{{=row.basic.comments.replace('\n',XML('<br/>'))}}</td>
> > > -- this generates an error 'expected a character buffer object'
>
> > > <td>{{=XML(row.basic.comments.replace('\n','<br/>'))}}</td>
> > > -- this achieves what I want, but of course it also means the entire
> > > field is unescaped, leaving it vulnerable to XSS attack
>
> > > <td>{{=XML(row.basic.comments.replace('\n','<br/>'),sanitize=True)}}</td>
> > > -- this produces gobbledegook
>
> > > <td>{{=XML(row.basic.comments.replace('\n','<br>'),sanitize=True)}}</td>
> > > -- this seems to be just right (but strangely the expected '<br>' tags
> > > are converted to '<br/>')
>
> > > Am I doing the right thing with my last effort?  I am very new to both
> > > web2py and python.
>
> > > Eddie
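
The thread's two working approaches (one paragraph per line, or escaped text joined with `<br />`) both come down to escaping the untrusted field first and adding trusted markup afterwards. The following is an added example, not code from the thread or from web2py: it uses only the Python standard library, and the function names and sample string are hypothetical.

```python
import html


def comments_to_paragraphs(comments, css_class="tablepara"):
    """Return one <p> per input line; each line is escaped before markup is added."""
    # None (NULL in the database) or '' becomes a single space, mirroring the
    # "or ' '" guard in the view at the top of the thread.
    lines = (comments or " ").splitlines()  # handles \n, \r\n and \r
    cls = html.escape(css_class, quote=True)
    return "".join(
        '<p class="%s">%s</p>' % (cls, html.escape(line, quote=True))
        for line in lines
    )


def comments_with_breaks(comments):
    """Alternative: escape every line, then join the lines with a trusted <br />."""
    # Any <br>, <br/> or <script> typed by a user is escaped here, so the only
    # real tags in the output are the ones this function inserts itself.
    escaped = [html.escape(line, quote=True) for line in (comments or "").splitlines()]
    return "<br />".join(escaped)


# Constructed sample input: mixed line endings plus markup in the user's text.
SAMPLE = "Hello Eddie\r\nHello <script>alert(1)</script>\nHello World"

if __name__ == "__main__":
    print(comments_to_paragraphs(SAMPLE))
    print(comments_with_breaks(SAMPLE))
```

Because the markup is added after escaping, no sanitizer pass is needed and the output format of the break tag is whatever the function writes.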