[Zope] Re: Error -> A TaintedString cannot be pickled

Chris McDonough chrism@zope.com
16 Apr 2003 16:08:55 -0400


Just do REQUEST.form.get('foo') instead of REQUEST['foo'] or
REQUEST.get('foo') to avoid the string tainting magic.

I don't agree that the REQUEST.get magic is a "hallmark of horrible
design".  I know I wouldn't want to go back to the days of Perl CGI,
worrying whether something was in the query string or was form elements
or in a cookie, in the environment, or wherever else.  99.9% of the
time, I don't care.  The .1 percent of the time that I do I can ask for
it explicitly from the namespace I want.

- C


On Wed, 2003-04-16 at 15:53, Jamie Heilman wrote:
> Josef Meile wrote:
> > One possible solution could be to convert all the "<" symbols to "&lt;". But
> > I was wondering if there is another way of dealing with this TaintedStrings
> > (appart of disabling the check, off course).
> 
> Make sure the variable in question gets explicitly pulled from the
> correct dictionary in the REQUEST object.  Personally I think
> REQUEST.get is a hallmark of horrible design anyway.  Has anyone
> written a HTTPRequest replacement that gets rid of "get magic"
> entirely?  I'm sure it would break a billion things, but I'd be
> interested in playing with it regardless.
>  
> -- 
> Jamie Heilman                   http://audible.transient.net/~jamie/
> "You came all this way, without saying squat, and now you're trying
>  to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
>  I liked you better when you weren't saying squat kid."	-Buddy
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )