Bug report: ESC applied to attribute values produces spurious output
Ron Garret
ron at flownet.com
Tue Apr 30 19:46:46 UTC 2013
On Apr 30, 2013, at 12:33 PM, Jens Teich wrote:
> Am 30.04.2013 21:19, schrieb Ron Garret:
>> On Apr 30, 2013, at 12:13 PM, Jens Teich wrote:
>>
>>> Am 30.04.13 21:02, schrieb Ron Garret:
>>>> On Apr 30, 2013, at 11:47 AM, Stas Boukarev wrote:
>>>>
>>>>> Ron Garret <ron at flownet.com> writes:
>>>>>
>>>>>> ? (with-html-output-to-string (s) ((:a :href (esc "XXX")) (esc "YYY")))
>>>>>> "<aXXX href='XXX'>YYY</a>"
>>>>>>
>>>>>> My actual use case is:
>>>>>>
>>>>>> (:a :onclick (esc "f('str')"))
>>>>>>
>>>>>> This is CL-WHO 1.1.1 acquired through quicklisp.
>>>>> That's not a bug, the attributes don't need STR or ESC.
>>>>> (with-html-output-to-string (s) ((:a :href (escape-string "XXX")) (esc "YYY")))
>>>>
>>>> Well, they need something if you want to embed a single-quoted string inside them:
>>>>
>>>> ? (with-html-output-to-string (s) ((:input :type :button :onclick "alert('foo')")))
>>>> "<input type='BUTTON' onclick='alert('foo')' />"
>>> You need parenscript
>>>
>>> :onclick (ps (alert ...))
>> No, that won't help. PS just produces the same troublesome string:
>>
>> ? (parenscript::ps (alert "foo"))
>> "alert('foo');"
>> ? (with-html-output-to-string (s) ((:input :type :button :onclick (parenscript::ps (alert "foo")))))
>> "<input type='BUTTON' onclick='alert('foo');' />"
>>
>>
>>
> (setq ps:*js-string-delimiter* #\" )
Ooh! So close! Turns out this exposes a bug in parenscript:
? (setq ps:*js-string-delimiter* #\" )
#\"
? (princ (ps:ps (alert "'\"")))
alert("\'"");
"alert(\"\\'\"\");"
But I guess this is close enough for my current needs. Thanks!
rg
More information about the Cl-who-devel
mailing list