Received: by 10.36.146.2 with SMTP id t2mr85281nzd;
        Thu, 31 Aug 2006 15:16:12 -0700 (PDT)
Return-Path: <g...@bel-epa.com>
Received: from ashpool.bel-epa.com (ghiggins-adsl.demon.co.uk [83.104.61.47])
        by mx.googlegroups.com with ESMTP id y6si106686nzg.2006.08.31.15.16.09;
        Thu, 31 Aug 2006 15:16:12 -0700 (PDT)
Received-SPF: pass (googlegroups.com: domain of g...@bel-epa.com designates 83.104.61.47 as permitted sender)
Received: from gjh by ashpool.bel-epa.com with local (Exim 4.43)
	id 1GIupS-0006h0-3k
	for markup-discuss@googlegroups.com; Thu, 31 Aug 2006 23:16:06 +0100
Received: by ashpool.bel-epa.com (tmda-sendmail, from uid 508);
	Thu, 31 Aug 2006 23:16:05 +0100
Received: from ono.bel-epa.com ([192.168.0.8])
	by ashpool.bel-epa.com with esmtpa (Exim 4.43) id 1GIupO-0006gn-Pc
	for markup-discuss@googlegroups.com; Thu, 31 Aug 2006 23:16:04 +0100
Mime-Version: 1.0 (Apple Message framework v752.2)
In-Reply-To: <1157060412.034767.254390@e3g2000cwe.googlegroups.com>
References: <8812FC9D-4F6F-41DA-B8A4-C4F3586FA5A4@gmx.de>
	<476b71e80608301137yf6f69d7odc3ff8fa503423b3@mail.gmail.com>
	<78A3DEBA-5187-43D9-B69B-1D4251F0F673@gmx.de>
	<1157060412.034767.254390@e3g2000cwe.googlegroups.com>
X-Gpgmail-State: !signed
Message-Id: <D4AE56E5-90C9-45EC-8820-1C0EC955B9FE@higginsandmacfarlane.com>
Date: Thu, 31 Aug 2006 23:16:01 +0100
To: markup-discuss@googlegroups.com
X-Mailer: Apple Mail (2.752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: TextMate bundle
X-Spam-Checker-Version: SpamAssassin 3.0.6 (2005-12-07) on ashpool.bel-epa.com
X-Spam-Level: 
X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00 
	autolearn=ham version=3.0.6
X-Delivery-Agent: TMDA/1.1.4 (Edradour)
From: Graham Higgins <gjhigg...@googlemail.com>
X-Primary-Address: g...@bel-epa.com
Sender:  <g...@bel-epa.com>
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Rcpt-To: markup-discuss@googlegroups.com
X-SA-Exim-Mail-From: g...@bel-epa.com
X-SA-Exim-Scanned: No (on ashpool.bel-epa.com); SAEximRunCond expanded to false


On 31 Aug 2006, at 22:40, Michele Cella wrote:

> 1) they open the door to add more application logic inside a template
> that IMHO should just contain presentation logic, it's big temptation
> the opportunity of embedding directly chunks of python code

Sometimes, pursuit of the presentation logic requires more  
sophisticated processing in the template (I found I needed a loop  
counter at one point). Pushing that processing back into the  
controller isn't a particularly good answer. In practice, with an  
appropriately-designed controller, there is minimal temptation to  
contaminate the template with application logic.

> 2) they allow any type of operation from the template and this will
> effectively make a markup template more difficult to be safely edited
> by untrusted sources

I dunno, that sounds like a sizeable penalty which is paid by  
everyone for the sake of what must be a very limited demand (?).

Perhaps, if Chris is considering adding <?python?> blocks, he could  
indicate how they might be discretely disabled (if that is feasible).

Cheers,

Graham Higgins.