Bug report: ESC applied to attribute values produces spurious output
Jens Teich
info at jensteich.de
Tue Apr 30 19:13:28 UTC 2013
Am 30.04.13 21:02, schrieb Ron Garret:
>
> On Apr 30, 2013, at 11:47 AM, Stas Boukarev wrote:
>
>> Ron Garret <ron at flownet.com> writes:
>>
>>> ? (with-html-output-to-string (s) ((:a :href (esc "XXX")) (esc "YYY")))
>>> "<aXXX href='XXX'>YYY</a>"
>>>
>>> My actual use case is:
>>>
>>> (:a :onclick (esc "f('str')"))
>>>
>>> This is CL-WHO 1.1.1 acquired through quicklisp.
>> That's not a bug, the attributes don't need STR or ESC.
>> (with-html-output-to-string (s) ((:a :href (escape-string "XXX")) (esc "YYY")))
>
>
> Well, they need something if you want to embed a single-quoted string inside them:
>
> ? (with-html-output-to-string (s) ((:input :type :button :onclick "alert('foo')")))
> "<input type='BUTTON' onclick='alert('foo')' />"
You need parenscript
:onclick (ps (alert ...))
~jens
More information about the Cl-who-devel
mailing list