needs built-in filtering of common html form input

Bug #179962 reported by huntercross
Affects: web.py
Status: Confirmed
Importance: Medium
Assigned to: Anand Chitipothu

Bug Description

I would like to suggest a unicode-aware filtering mechanism for web.py that would allow users of the framework to centralize the effort of filtering common HTML input, such as email addresses, telephone numbers, proper names, etc. The filters would be sent back in a storage container and allow the developer to easily add/build custom filters out of these basic pieces. By having this built in to the framework I feel like it will encourage more developers to properly sanitize their input before throwing it at the database, or simply trusting the sqlify function to figure out what to do. I have some basic working code that I am using on a project that I will attach. I would like to create a better name for the function than the current "hc_cleanify" as well; suggestions welcome. The code currently trims all whitespace by default (again centralizing a common form validation function). The code could be expanded to include an argument that would limit the total characters to a certain length (24 characters or 100 characters, for example). The code could also be expanded to support proper JavaScript validation if you want to return a null value if any of the unwanted characters are detected.

Explanation of current code:
The function hc_cleanify() takes 2 arguments. The first is a unicode string, the second is a list of allowed characters (unicode-safe characters, that is). This is the function that is used to filter out any unwanted characters: it loops through each character in the first argument, compares it to the list of allowed characters and drops it from the unicode string if it is not in that allowed list. Then this function returns the filtered unicode string.

The function get_filters() takes no arguments but returns a storage object of unicode strings that contain the allowable characters for commonly used form elements (more to come, I'm sure). So you ask get_filters() for the basic sets of allowable characters, then you use those as your second argument in the function hc_cleanify. By having the allowable characters in a storage object, you can easily build new custom allowable character sets to quickly meet your form's needs while protecting your database from raunchy data.

The filters currently correctly handle filtering of special characters used in many people's names; see "filter_european".
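As an added example (not the reporter's attached code and not part of web.py), the following implements the whitelist filter and filter registry the description outlines, with the two extensions the reporter proposes (a length limit and a reject-on-bad-character mode). The names `cleanify`, `max_length` and `strict`, the specific character sets, the minimal `Storage` stand-in for `web.Storage`, and the NFC normalization step are all assumptions added here, not taken from the bug report.

```python
# Added example: whitelist character filtering in the style described in
# the bug report. Not the reporter's hc_cleanify() and not web.py code.
import unicodedata


class Storage(dict):
    """Minimal stand-in for web.py's web.Storage (a dict with attribute
    access), assumed here so the example runs without web.py installed."""

    def __getattr__(self, key):
        try:
            return self[key]
        except KeyError:
            raise AttributeError(key)


def cleanify(value, allowed, max_length=None, strict=False):
    """Return `value` with every character not in `allowed` dropped.

    - Surrounding whitespace is trimmed (the default the reporter describes).
    - `max_length` truncates the result (the reporter's proposed extension).
    - `strict=True` returns None instead of a filtered string when any
      disallowed character was present (the reporter's "return a null
      value" variant). All three parameter names are assumptions.
    """
    if not isinstance(value, str):
        raise TypeError("expected a unicode string")
    # Normalise to NFC first: a decomposed "e" + U+0301 would otherwise lose
    # its combining accent and silently turn "José" into "Jose".
    value = unicodedata.normalize("NFC", value)
    allowed = frozenset(allowed)
    kept = "".join(ch for ch in value if ch in allowed)
    if strict and len(kept) != len(value):
        return None
    cleaned = kept.strip()
    if max_length is not None:
        cleaned = cleaned[:max_length]
    return cleaned


def get_filters():
    """Return a Storage of allowed-character sets for common form fields.
    The sets below are constructed for this example, not the reporter's."""
    letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
    digits = "0123456789"
    # Precomposed accented letters common in European names; normalised to
    # NFC so they match the NFC-normalised input in cleanify().
    european = unicodedata.normalize(
        "NFC",
        "àáâäãåæçèéêëìíîïñòóôöõøùúûüýÿßÀÁÂÄÃÅÆÇÈÉÊËÌÍÎÏÑÒÓÔÖÕØÙÚÛÜÝ",
    )
    return Storage(
        filter_digits=digits,
        filter_alpha=letters,
        filter_european=letters + european + " '-",
        filter_email=letters + digits + "@._+-",
        filter_phone=digits + "+() -",
    )


if __name__ == "__main__":
    f = get_filters()
    print(cleanify("Jose\u0301 O'Brien-L\u00f8v\u00e5s", f.filter_european))
    print(cleanify("  bob@example.com<script>  ", f.filter_email))
    print(cleanify("12-34", f.filter_digits, strict=True))
```

Two points worth keeping in mind when using a filter like this. Dropping characters is not validation: `cleanify("bob@example.com<script>", f.filter_email)` yields `bob@example.comscript`, which is still not a valid address, so the `strict` mode (reject the whole value) is usually the better fit for fields with a defined structure. And character whitelisting is a separate concern from SQL injection and HTML output escaping; it narrows what reaches the database, but the database layer's parameterised queries and the template's output escaping still have to be in place regardless of how the input was filtered.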

Aaron Swartz (aaronsw) changed in webpy:
assignee: nobody → anandology
importance: Undecided → Medium
milestone: none → 0.35
status: New → Confirmed