Bug report: ESC applied to attribute values produces spurious output
Ron Garret
ron at flownet.com
Tue Apr 30 19:02:36 UTC 2013
On Apr 30, 2013, at 11:47 AM, Stas Boukarev wrote:
> Ron Garret <ron at flownet.com> writes:
>
>> ? (with-html-output-to-string (s) ((:a :href (esc "XXX")) (esc "YYY")))
>> "<aXXX href='XXX'>YYY</a>"
>>
>> My actual use case is:
>>
>> (:a :onclick (esc "f('str')"))
>>
>> This is CL-WHO 1.1.1 acquired through quicklisp.
> That's not a bug, the attributes don't need STR or ESC.
> (with-html-output-to-string (s) ((:a :href (escape-string "XXX")) (esc "YYY")))
Well, they need something if you want to embed a single-quoted string inside them:
? (with-html-output-to-string (s) ((:input :type :button :onclick "alert('foo')")))
"<input type='BUTTON' onclick='alert('foo')' />"
rg
More information about the Cl-who-devel
mailing list