[Catalog-sig] HTML in long description
Tarek Ziadé
ziade.tarek at gmail.com
Fri Aug 21 17:15:36 CEST 2009
2009/8/21 "Martin v. Löwis" <martin at v.loewis.de>:
>> FWIW lxml.html is pretty convenient to remove any dangerous tag, it's
>> a one-liner
>> that will get rid of any <form> <script> <embed> etc..
>
> Hmm. Is there a library whose *explicit* purpose is to create "safe"
> HTML. I would be hesitating to implement it myself.
Well, that's *one* of the explicit goal of lxml.html, see
http://codespeak.net/lxml/lxmlhtml.html#cleaning-up-html
I used to do it myself using SGMLParser (based on the well known
active state recipe), then I discovered this one,
which do the work fine.
>> The reStructuredText format is an implicit rule from pypi and trying an
>> rst2html process on server side, no matter what long_description contains,
>> seem like a bad practice to me.
>
> I think it's not too bad. Since the long_description is either plain
> text or ReST, the cost of misinterpretation is really low - ReST may
> get mis-rendered as preformatted plain text, in which case it will
> remain readable still.
>
Sure we can live with it,
> [..]
>
> That could be done, either way, IMO. It might also be useful to have a
> distutils command that generates a pypi-like page, so that people can
> preview the rendered description.
yes that's basically :
$ python setup.py --long-description | rst2html.py > preview.html
Maybe that could be a '--preview' option to the existing "register" command,
to create that preview, to avoid adding an extra command for such a
specific need
Regards
Tarek
--
Tarek Ziadé | http://ziade.org
More information about the Catalog-SIG
mailing list