[cl-who-devel] escaping attributes question

Edi Weitz edi at agharta.de
Tue May 22 20:04:43 UTC 2007


On Tue, 22 May 2007 17:07:59 +1000, "Simon Cusack" <scusack at fastmail.com.au> wrote:

> But you know that all values in the attribute position are always
> going to the html output stream and for it to be interpreted
> properly it should be escaped.
>
> The decision to always emit to the html stream rather than requiring
> an esc, fmt or prn for all attribute values means that the values
> being emitted here are already getting special treatment from
> CL-WHO.
>
> If the default position is a hands off one, then strictly speaking
> shouldn't all attribute values them be enclosed in (str ...), etal?

I don't think so.  The "evaluation model" (so to say) for the body is
different from the attribute values, because the body can contain
other, nested elements while the attribute values can only be
character content.



More information about the Cl-who-devel mailing list