On Tue, Nov 13, 2001 at 03:50:11AM -0600, Jeff Rush wrote: > * Quixote doesn't seem to put in BASE_URL directives in generated > html output, making it a bit clumsy to construct relative URLs. How does having BASE_URL in the _output_ help you? Sorry, I don't know beans about Zope so you have to explain this one. > * I'm looking for the equivalent of url_quote and html_quote to > wrap strings in python-generated output. Look in the quixote.html module. > * I'm looking for how to require a basic auth login on selected > pages -- need to do something re request.response.set_status(...) > and check for http header auth fields. I need Zope's userID > framework on top of which to build security features. Quixote doesn't do HTTP auth. We implement our own auth system using cookies. Look at the AccessError exception and the _q_access special name. > * what are form tokens in session objects? They prevent cross-site request forgeries (CSRF). See: http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00216.html for an introduction. It's a nasty problem. The tokens also have the nice side effect of preventing forms from being submitted twice, say, if the back button is used. > * not sure of correct way to handle URLs with '.' in them, > as in programmatically generated .gif responses. Looks like > it requires _q_name() ? We never ran into this problem. I guess _q_name would be the solution. Do you need to have a dot? Couldn't you just set the content-type appropriately? > * I miss a whole set of URL path manipulation functions, although > I think I can get by with os.path.XXX in most cases. Mostly > I just need a 'parent' or 'container' request attribute. We use request.get_path() and request.get_path(n) frequently to build URLs. For example, to make a URL to the parent container: request.get_path(1) + "/" > Quixote could use a sample app showing that, catching certain http > responses and rolling back ZODB. Our ZODB related Quixote subclasses should probably be merged into the Quixote distribution. It looks like Greg sent you most of the interesting bits. Feel free to ask questions. Neil