Bug report: ESC applied to attribute values produces spurious output
Sebastian Tennant
sdt at sebyte.me
Tue Apr 30 20:55:53 UTC 2013
Quoth Ron Garret <ron at flownet.com>:
> On Apr 30, 2013, at 11:47 AM, Stas Boukarev wrote:
>
>> Ron Garret <ron at flownet.com> writes:
>>
>>> ? (with-html-output-to-string (s) ((:a :href (esc "XXX")) (esc "YYY")))
>>> "<aXXX href='XXX'>YYY</a>"
>>>
>>> My actual use case is:
>>>
>>> (:a :onclick (esc "f('str')"))
>>>
>>> This is CL-WHO 1.1.1 acquired through quicklisp.
>> That's not a bug, the attributes don't need STR or ESC.
>> (with-html-output-to-string (s) ((:a :href (escape-string "XXX")) (esc "YYY")))
>
>
> Well, they need something if you want to embed a single-quoted string inside them:
>
> ? (with-html-output-to-string (s) ((:input :type :button :onclick "alert('foo')")))
> "<input type='BUTTON' onclick='alert('foo')' />"
You have a choice. You can either stick with single quotes around foo and
change *attribute-quote-char* to double quotes, or leave *attribute-quote-char*
as it is and use double quotes around foo.
More information about the Cl-who-devel
mailing list