Re: [pgsql-www] escapes in submitted docs comments
| От | Magnus Hagander |
|---|---|
| Тема | Re: [pgsql-www] escapes in submitted docs comments |
| Дата | |
| Msg-id | CABUevEzLHbZDS824KxJvyQFSteMq=rsQ-E5qUJT6S257cpH8qw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [pgsql-www] escapes in submitted docs comments (Daniel Gustafsson <daniel@yesql.se>) |
| Ответы |
Re: [pgsql-www] escapes in submitted docs comments
|
| Список | pgsql-www |
On Wed, Feb 15, 2017 at 1:13 PM, Daniel Gustafsson <daniel@yesql.se> wrote:
> On 15 Feb 2017, at 12:52, Alvaro Herrera <alvherre@2ndquadrant.com> wrote:
>
> Daniel Gustafsson wrote:
>>> On 02 Feb 2017, at 22:47, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
>>>
>>> The docs comments coming in through pgsql-docs look like this:
>>>
>>> select instr('010000101001001','1',-1) from dual
>>>
>>> Can the escaping be fixed?
>>
>> AFAIU with Django, to avoid the escaping the form content would have to be
>> marked safe which seems.. unsafe. Given the nature of SQL and the comments we
>> get, perhaps the simple approach is to just replace the unicode quote since it
>> will be quite common? Something along the lines of the (untested) diff below?
>
> There are plenty of other characters being escaped, though. Can't we
> just do something like "parse this html piece as text" instead?
> ("unescape" I suppose). We're only sending it in a text/plain email, so
> there's no worry of misinterpreted HTML.
Perhaps not, I guess I’m just scared about potentially “helpful” MUA’s who see
HTML and renders even if it’s in text/plain. That being said, I don’t think
I’ve seen one in quite some time.
If a helpful MUA does that in text that's clearly set to text/plain, there is really no helping the poor soul who uses it.
And the mails we generate don't even have a text/html part, so I think we should be perfectly safe.
В списке pgsql-www по дате отправления: