[Kss-devel] Server response format

Balazs Ree ree at ree.hu
Sun May 13 16:22:09 CEST 2007 

Sun, 13 May 2007 14:47:36 +0200 keltezéssel Jeroen Vloothuis azt írta:

> Godefroid Chapelle wrote:
>  > Jeroen Vloothuis wrote:
>  >
>  > <snip>
>  >
>  >> My biggest reason for bringing this up is to make clear that end
>  >> users of the pure Python library need to know what they can pass in.
>  >>
>  > Which actually would depend on the semantic of each command...
> 
> Yes, so at the moment the library would not escape anything. If you need
> to pass a string value than you would need to escape it yourself. This
> is fine by me. I will let this issue rest and continue on to the
> commandset support for pure Python usage.

The problem is we don't have data types so the parameters cannot decide 
the conversion. Values that you can pass are either of the two types at 
the moment:

- unicode string values

- in the case of parameters that have the payload, XML or HTML (as a 
unicode string)

Unicode strings that travel in commands are properly escaped (if not it's 
a bug and we need a test + fix for it) which means unicode parameters 
arrive on the client as sent from the server. You don't need to escape 
them beforehand just pass them in an unicode.

The XML payload really depends on if it's XML or HTML. So we cannot 
decide automatically which parser we apply: the command has to decide 
that and check the values properly. That is what we had in commandsets in 
the previous implementation. Actually the parser is doing fixup of bad 
html too that you would not want from xml.

However wheather or not we parse the content, we do not apply quoting in 
it because we want them to remain tags and get embedded into the document.

> The code that is in the trunk of kss.commands works according like the
> current kss.core (in the way that it does not escape the values).

We even check from tests, if the hmtl entity was replaced by its numeric 
version &#187; . This shows that the current code, when inserting html 
payload, is escaping the value. Only, it is not the same kind of escaping 
you would expect from it.

Obviously for this the caller has to run the result through the html or 
the xml parser, in order this to be done, and we can't decide for him, 
which parser is needed. Only the command can know about that, and this is 
currently implemented in the commandset layer, whose equivalent is yet to 
be invented.

-- 
Balazs Ree

More information about the Kss-devel mailing list