zulip

Commit Graph

Author	SHA1	Message	Date
Zev Benjamin	fca8f84c14	[schema] Return highlighted subject and content from get_old_messages() when doing a search We HTML-escape the subject in Postgres to avoid a server round-trip. Unlike the rendered_content, which is already escaped and cached on zephyr_message, we normally escape subjects client-side. Escaping in Django would require fetching the messages that match the query, escaping the subjects, and then making a second query to Postgres to insert the markup. We could instead fetch the messages with subjects marked up using non-HTML (some unique string) that is later converted into the correct markup either in Django or client-side, but then the escaping problem would just be with some random string instead of HTML. Since the function is pretty simple, doing the escaping in Postgres itself is the least painful option. (imported from commit 004931d8e496697c18650aee97b1a74c55a04cb2)	2013-04-30 11:40:27 -04:00

Author

SHA1

Message

Date

Zev Benjamin

fca8f84c14

[schema] Return highlighted subject and content from get_old_messages() when doing a search

We HTML-escape the subject in Postgres to avoid a server round-trip.
Unlike the rendered_content, which is already escaped and cached on
zephyr_message, we normally escape subjects client-side.  Escaping in
Django would require fetching the messages that match the query,
escaping the subjects, and then making a second query to Postgres to
insert the markup.  We could instead fetch the messages with subjects
marked up using non-HTML (some unique string) that is later converted
into the correct markup either in Django or client-side, but then the
escaping problem would just be with some random string instead of
HTML.  Since the function is pretty simple, doing the escaping in
Postgres itself is the least painful option.

(imported from commit 004931d8e496697c18650aee97b1a74c55a04cb2)

2013-04-30 11:40:27 -04:00

1 Commits