[cl-who-devel] ESC inside FMT doesn't get expanded
Leslie P. Polzer
leslie.polzer at gmx.net
Fri May 2 09:10:45 UTC 2008
> Why do you need to do that?
>
> You don't need to escape after that point. You can just directly put
> the string (or any other lisp expression) as the argument to fmt.
Assume a malicious string ("<html>" in this case):
WHO[8]> (with-html-output (*standard-output*) (fmt "<~A>" "<html>"))
<<html>>
NIL
WHO[9]> (with-html-output (*standard-output*) (fmt "<~A>" (escape-string "<html>")))
<<html>>
NIL
Or did I misunderstand your question?
Leslie
More information about the Cl-who-devel
mailing list