Mercurial > p > roundup > code
comparison doc/customizing.txt @ 5004:494d255043c9
Display errors containing HTML with RejectRaw (issue2550847)
In general outputting un-escaped HTML in a message to the user is an
unsafe operation, which is why error message are escaped by default. In
some cases though it is desirable for a detector to include HTML within
an error message. For these cases where HTML is required the RejectRaw
exception can be used within the detector.
| author | John Kristensen <john@jerrykan.com> |
|---|---|
| date | Sat, 10 Oct 2015 23:35:51 +1100 |
| parents | 2fce201a2b47 |
| children | b8a04cce88ff |
comparison
equal
deleted
inserted
replaced
| 5003:a9e0ef739241 | 5004:494d255043c9 |
|---|---|
| 926 | 926 |
| 927 from roundup.exceptions import Reject | 927 from roundup.exceptions import Reject |
| 928 | 928 |
| 929 And then when your rejection criteria have been detected, simply:: | 929 And then when your rejection criteria have been detected, simply:: |
| 930 | 930 |
| 931 raise Reject | 931 raise Reject('Description of error') |
| 932 | |
| 933 Error messages raised with ``Reject`` automatically have any HTML content | |
| 934 escaped before being displayed to the user. To display an error message to the | |
| 935 user without performing any HTML escaping the ``RejectRaw`` should be used. All | |
| 936 security implications should be carefully considering before using | |
| 937 ``RejectRaw``. | |
| 932 | 938 |
| 933 | 939 |
| 934 Generating email from Roundup | 940 Generating email from Roundup |
| 935 ----------------------------- | 941 ----------------------------- |
| 936 | 942 |