Forum OpenACS Development: Default HTML quoting in the templating system: the noquote patch

I was chatting with Dirk just now about the noquote patch that Jeff brought up in this thread. I would like to re-raise the question that Jeff is asking - should we do noquote for 4.7? A number of issues to consider:

  • What is the benefit of the noquote change? There seems to be general consensus that noquote is the right design. As Hrvoje says - application programmers not quoting certain variables can break pages and even be a security problem.
  • How much work is it to do the noquote change? The process is exceedingly well described by Hrvoje in the linked thread above so we have a good starting point. Maybe Hrvoje, Dirk, Branimir, or someone else from the Munich office can refresh my memory here. I seem to remember us being 3-4 people going over all adp templates and fixing most of them within a couple of days. However, I also remember that we were gradually fixing over-quoted variables in adp:s for several weeks following that.
  • Given costs and benefits, should we do noquote ever?
  • If we decide to do the noquote change, when should we do it? There is a case for making the change sooner rather than later: as we expect our documentation and code base to grow, the work involved in making the noquote change will grow as well.

Dirk and I are willing to take on leadership of this change if we get a handful of volunteers to help us out with going over and testing adp:s in all our applications.

I just edited your subject line because the notifications system has a 100-character limit on subject lines and the Tcl code doesn't chop the "Re:" response to 100 chars, so my answer to you died.


(grumble grumble)

I think you and Dirk should do as you suggest for 4.7, yes indeed.

This one's slipped through the cracks two or three times due to lack of resources.

So I'm glad to see this item in competent hands.  Go for it!