xml escapedness

Robin Becker robin at reportlab.com
Fri Feb 22 17:17:17 CET 2008

A colleague has decided to keep his django database string values (which are xml 
fragments) in an xml escaped form to avoid having the problem of escaping them 
when they are used in templates etc etc.

Unfortunately he found that the normal admin doesn't escape on the way through 
so thought of adding a standard mechanism to the save methods. However, this 
brings in the possibility of escaping twice ie once in his original capture code 
and then in the django save methods.

I suggested he could use a subclass of str to represent escaped strings and an 
escape function which leaves the subclass instances alone so

class xmlstr(str):

from xml.sax.saxutils import escape
def xmlEscape(s):
     if isinstance(s,xmlstr): return s
     return xmlstr(escape(s))

this works up to a point, but anything which modifies the string reverts to the 
base class (as it probably should).

type(xmlstr('<') + '') is type(str)

clearly there are a large number of operations which should be overridden or 
just hidden to prevent the wrong outcome; has anyone else thought about this in 
any detail?
Robin Becker

More information about the Python-list mailing list