Re: [htdig] Problem with escaped quotes in templates in 3.1.6

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

According to Jason Scharlach:
> I'm trying to upgrade my htdig install to 3.1.6 to fix the security
> problems but there appear to be a inconsistancy with how they handle
> result templates.  The result templates (from 3.1.5) contain a good deal
> of javascript, with quite a few escaped quotes, like so: 
> 
> document.write('<area shape="rect" coords="0,43,178,57"
> href="javascript:openWindow(\'/pub/west/tools/rate_start.html\')">');
> 
> However, in 3.1.6 these pages throw off javascript errors.  I've poked
> around a bit and it appears as though 3.1.6 is tossing away the \ hence
> causing problems.  I can remedy the problem by adding an additional \ so
> the above line becomes:
> 
> document.write('<area shape="rect" coords="0,43,178,57"
> href="javascript:openWindow(\\'/pub/west/tools/rate_start.html\\')">');
> 
> Why did this change?  What's the deal?

This is rather odd.  There's been extremely little that's changed in
template handling from 3.1.5 to 3.1.6.  Nothing that would explain the
behaviour you're describing.  The template-related changes in 3.1.6 are:

- allows hyphen (-) in template variable names
- adds the $=(var) mechanism to hex-decode variable contents
- the addition of max_excerpts for handling multiple excerpts

It might help to know more about the specific context in which this
javascript code appears, i.e. in which file, and how that file is used.
When you say the result templates, do you mean the files referenced in 
template_map, like long.html and short.html?  What does the whole file
look like?

Another change that's in 3.2.0b4, and which I'm putting in 3.1.6
as well is:

- template_map is now a quoted string list rather than a string list,
  so that spaces can be embedded in the description strings

That shouldn't affect your templates in the future unless you're trying
to embed the javascript code above right into the description strings in
your template_map setting.

-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba  Phone:  (204)789-3766
Winnipeg, MB  R3E 3J7  (Canada)   Fax:    (204)789-3930