1424 | | This parses the comment text, runs it through the sanitizer, and serializes it to XHTML. And the result of the transformation is what we'll save to our “database”. Why are we using XHTML here, when we actually use HTML almost everywhere else? Well, we want to be able to include the comment text in Atom feeds, too, and for that they'll need to be well-formed XML. |
1425 | | |
1426 | | '''Note:''' this is just one way to add sanitization. Another equally valid approach would be to store comment submissions exactly how they were entered, and sanitize them when they are displayed. Or you could have two fields in the model: one to store the text as originally submitted, and the other to store the sanitized content ready for display. Which method you choose depends on the needs of your particular application. Or, if you were really paranoid, you'd sanitize both the input and the output. |
| 1424 | This parses the comment text, runs it through the sanitizer, and serializes it to XHTML. And the result of the transformation is what we'll save to our “database”. We use XHTML here just because that can be processed by a wider variety of tools. For the purposes of this tutorial we could just as well be storing the content using HTML serialization, because Genshi can handle both. |
| 1425 | |
| 1426 | '''Note:''' this is just one way to add sanitization. Another equally valid approach would be to store comment submissions exactly how they were entered, and sanitize them when they are displayed. Or you could have two fields in the model: one to store the text as originally submitted, and the other to store the sanitized content ready for display. Or, if you were really paranoid, you'd sanitize both the input and the output. Which method you choose depends on the needs of your particular application. |
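Review bot: In the new Note (line 1426), "sanitize them when they are displayed" is still offered as equally valid without saying that every place the comment is rendered then has to run the sanitizer. This tutorial outputs the comment in both the HTML template and the Atom feed, so with that approach a single template that skips the sanitizer emits the submission unsanitized. Suggest adding a sentence along the lines of "If you sanitize at display time, apply the sanitizer in every template that outputs the comment, including the feed." Separately, in line 1424 "just because that can be processed" would read more clearly as "because XHTML can be processed".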
1464 | | As above, we've added the import of the Genshi `HTML()` function. On the `<content>` element we've added the `type="xhtml"` attribute, and we've added a wrapper `<div>` inside it to declare the XHTML namespace. Finally, inside that `<div>`, we inject the comment text as an HTML-parsed stream, analogous to what we've done in the HTML template. |
| 1464 | Just like above, we've added the import of the Genshi `HTML()` function. On the `<content>` element we've added the `type="xhtml"` attribute, and we've added a wrapper `<div>` inside that element to declare the XHTML namespace. Finally, inside that `<div>`, we inject the comment text as an HTML-parsed stream, analogous to what we've done in the HTML template. |
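Review bot: The last sentence of line 1464 says the comment text is injected "as an HTML-parsed stream" but does not say why that is safe. `HTML()` only parses the markup, so the feed depends on the text having been sanitized before it was saved (line 1424). Suggest closing the paragraph with a short reminder of that dependency, so a reader who chose to store raw submissions (the alternative in the Note at line 1426) knows the sanitizer has to be applied here as well.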