On 8/9/02 8:43 AM, "Toby Dickenson" <[EMAIL PROTECTED]> wrote:
> I agree it is true in most cases, but not all. Have you analysed how many > applications will be broken by this? how they can detect the breakage? I > certainly will not have time to assess the implications on my applications > before the scheduled release of 2.6. This is why I raised the flag of "can there be a way to disable it?", and Martijn put a fix in: - <dtml-var name> and &dtml.-name; will now automatically HTML-quote unsafe data taken implictly from the REQUEST object. Data taken explicitly from the REQUEST object is not affected, as well as any other data not originating from REQUEST. This can be disabled (at your own risk!) by setting the environment variable ZOPE_DTML_REQUEST_AUTOQUOTE to one of 'no', '0', or 'disabled'. I have the same concerns you do, but I figure that if any problems are found during normal execution of any Zope release this is attached to that I don't have time to investigate a fix for myself, I can add this environment variable (which normally I am not fond of doing), restart, and make a note "investigate fixing site blablabla". Is there any reason why this solution wouldn't work for you? > Like I said before, this is probably a good feature. If it was available as a > patch then I would probably use it on a number of my sites, and would > recommend it to others. I would be very happy see it (or something like it) > in 2.7. > > But not 2.6. Oh, 2.6 will never happen anyways ;) (seriously folks - what's the plan?). Since there's no current release plan for 2.6, it's hard to plan future deployments around it anyways. But if you have any sites you plan to move to 2.6, you should test this Autoquote change aggressively during the alpha/beta cycle. Since the ZOPE_DTML_REQUEST_AUTOQUOTE change has been put in, I've reserved future judgments until I get a chance to actually do some testing. I know that if I do run into any issues in the future that I don't have time to deal with, I can just flip that switch off. -- Jeffrey P Shell www.cuemedia.com _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )