RE: [htmltmpl] escaping quotes [was: (no subject)]
Brought to you by:
samtregar
From: Glenn M. <Glenn@MorganConsulting.fsnet.co.uk> - 2002-07-08 08:42:34
|
Glad this thread got picked up again. Quickly going over old ground, here is a real example of a template and resultant html I am producing. <tr onClick=" doReturnValues({ 'account_details': [ '<tmpl_var name="acc_id">', '<tmpl_var name="name_tx">', '<tmpl_var name="company_tx">' ] }); parent.close();" > <td><tmpl_var name="acc_id"> </td> <td><tmpl_var name="name_tx"> </td> <td><tmpl_var name="company"> </td> </tr> <tr onClick=" doReturnValues({ 'account_details': [ '10', 'Mr. A Another's Brother', 'Another Company' ] }); parent.close();" > <td>10 </td> <td>Mr. A Another's brother </td> <td>Another Company </td> </tr> The javascript in the onClick event of the row is broken because of the character sequence - Another's Since a single piece of data is used in several contexts I have to escape in several ways. Which leaves me with a couple of options 1) I create several sets of the same data and pre filter for all the various replacement contexts before handing over to html-tmpl for substitution. 2) I post filter my html searching for js literal strings to escape. Neither of these are very appealing. The one thing I do know is the context of the replacement at tmpl design time. Therefore it would be the perfect place to specify escape filtering. > Mmm, maybe. Or a way to add new escapes at runtime. Sam - I like this. Maybe definitions could be held in a config file that could be overridden at runtime. The file could include the defaults already used (HTML , etc) and new ones could easily be added if the need arose. David Kaufman posted a patch he'd written for v2.4 that did the trick. It includes a few more character sequences that croak as well. Thanks for the help Glenn |