| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-www(at)postgresql(dot)org |
| Subject: | Re: escapes in submitted docs comments |
| Date: | 2017-02-15 12:13:45 |
| Message-ID: | 25A171D9-F543-45B8-BBE1-3B0903C9F7B2@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
> On 15 Feb 2017, at 12:52, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> wrote:
>
> Daniel Gustafsson wrote:
>>> On 02 Feb 2017, at 22:47, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
>>>
>>> The docs comments coming in through pgsql-docs look like this:
>>>
>>> select instr('010000101001001','1',-1) from dual
>>>
>>> Can the escaping be fixed?
>>
>> AFAIU with Django, to avoid the escaping the form content would have to be
>> marked safe which seems.. unsafe. Given the nature of SQL and the comments we
>> get, perhaps the simple approach is to just replace the unicode quote since it
>> will be quite common? Something along the lines of the (untested) diff below?
>
> There are plenty of other characters being escaped, though. Can't we
> just do something like "parse this html piece as text" instead?
> ("unescape" I suppose). We're only sending it in a text/plain email, so
> there's no worry of misinterpreted HTML.
Perhaps not, I guess I’m just scared about potentially “helpful” MUA’s who see
HTML and renders even if it’s in text/plain. That being said, I don’t think
I’ve seen one in quite some time.
cheers ./daniel
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2017-02-15 13:09:03 | Re: escapes in submitted docs comments |
| Previous Message | Christoph Berg | 2017-02-15 12:12:19 | New apt repo key version |