Bug report: ESC applied to attribute values produces spurious output
Ron Garret
ron at flownet.com
Tue Apr 30 19:19:25 UTC 2013
On Apr 30, 2013, at 12:13 PM, Jens Teich wrote:
> Am 30.04.13 21:02, schrieb Ron Garret:
>>
>> On Apr 30, 2013, at 11:47 AM, Stas Boukarev wrote:
>>
>>> Ron Garret <ron at flownet.com> writes:
>>>
>>>> ? (with-html-output-to-string (s) ((:a :href (esc "XXX")) (esc "YYY")))
>>>> "<aXXX href='XXX'>YYY</a>"
>>>>
>>>> My actual use case is:
>>>>
>>>> (:a :onclick (esc "f('str')"))
>>>>
>>>> This is CL-WHO 1.1.1 acquired through quicklisp.
>>> That's not a bug, the attributes don't need STR or ESC.
>>> (with-html-output-to-string (s) ((:a :href (escape-string "XXX")) (esc "YYY")))
>>
>>
>> Well, they need something if you want to embed a single-quoted string inside them:
>>
>> ? (with-html-output-to-string (s) ((:input :type :button :onclick "alert('foo')")))
>> "<input type='BUTTON' onclick='alert('foo')' />"
>
> You need parenscript
>
> :onclick (ps (alert ...))
No, that won't help. PS just produces the same troublesome string:
? (parenscript::ps (alert "foo"))
"alert('foo');"
? (with-html-output-to-string (s) ((:input :type :button :onclick (parenscript::ps (alert "foo")))))
"<input type='BUTTON' onclick='alert('foo');' />"
More information about the Cl-who-devel
mailing list