You really want your template language to automatically escape all strings unless they’re flagged as ‘I know this contains HTML and I know what I’m doing’. This stops many trivial forms of cross-site-scripting attacks. You probably also want certain columns of your database to be annotated in such a way that your CMS doesn’t accidentally display […]

Adding a metaweblog interface to django

I tend to reimplement the CMS that drives jerakeen.org more often than I add content to it, but the current Django-based incarnation seems to have decent sticking power. A lot of this is Django’s magic admin interface middleware. When I add, say, a tagging engine to the site, I only need to worry about […]

the movable type import format

In a previous life, I was trying to import content from a Movable Type blog into Hayfever. Then I wanted to write an importer from Hayfever into WordPress. And wow, the MT import format is nasty. Things that have annoyed me, in no particular order: There are no charset considerations in the spec. I care deeply about […]

Blogging and Content Management

I’ve been toying with architectures for the Ultimate Content Management Application, a bit of vaporware that’s suffering from Second System Effect before I even come up with a coherent plan, and to do this I’ve been looking at content management systems. Well, ok, I’ve been trying to look at content management systems, because almost everything […]