diff options
| author | Kaz Kylheku <kaz@kylheku.com> | 2023-05-30 19:54:47 -0700 |
|---|---|---|
| committer | Kaz Kylheku <kaz@kylheku.com> | 2023-05-30 19:54:47 -0700 |
| commit | 01bf1850a916938a5c3a5bceea49ab68b8205dc5 (patch) | |
| tree | f85301a95722ad93953950b6ad77a1471ebae988 | |
| parent | 73e9aa23746b56d4921511c55b8b595b7609e21f (diff) | |
| download | tl-who-01bf1850a916938a5c3a5bceea49ab68b8205dc5.tar.gz tl-who-01bf1850a916938a5c3a5bceea49ab68b8205dc5.tar.bz2 tl-who-01bf1850a916938a5c3a5bceea49ab68b8205dc5.zip | |
Add escq and escj local macros.
The escq macro provides HTML escaping for the apostrophe
and double quote also, whereas esqj is for escaping material
to be put into a Javascript literal.
* packages.tl (tl-who): New symbols escq and escj.
* who.tl (attr-warning-macrolet): Add escq and escq to
list of WHO local macros that are not warned about if
they occur in attributes.
(with-html-output): Add escq and escj.
* test/simple.tl: Test 41 updated to include escq and
escj. New tests 42 and 43.
* README.md: Mention escq and escj.
| -rw-r--r-- | README.md | 6 | ||||
| -rw-r--r-- | packages.tl | 2 | ||||
| -rw-r--r-- | test/simple.tl | 14 | ||||
| -rw-r--r-- | who.tl | 10 |
4 files changed, 30 insertions, 2 deletions
@@ -186,6 +186,12 @@ Here are the differences to be aware of: * TL-WHO provides a `noesc-fmt` which doesn't HTML-escape. +* TL-WHO provides `escq` and `escj` local macros. `escq` is like `esc` + but also HTML-escapes the ASCII apostrophe and double quote. + `escj` escapes a string such that it can be safely interpolated into + a Javascript string literal, which is itself embedded in a HTML + `script` tag. + Additionally, users (of CL-WHO and TL-WHO alike) are advised to watch for the following issue: the CL-WHO documentation is not accurately maintained and makes some references to material that no longer exists in CL-WHO, such as the diff --git a/packages.tl b/packages.tl index 8aa93d6..bad0c40 100644 --- a/packages.tl +++ b/packages.tl @@ -39,6 +39,8 @@ "convert-attributes" "convert-tag-to-string-list" "esc" + "escq" + "escj" "fmt" "htm" "html-mode" diff --git a/test/simple.tl b/test/simple.tl index b9d1a65..8b8cb50 100644 --- a/test/simple.tl +++ b/test/simple.tl @@ -453,7 +453,7 @@ ;;; 41 ;;; Test that warning is produced when any of the WHO local macros are used in ;;; an Lisp expression that calculates an attribute -(each ((sym '(htm noesc-fmt fmt esc str))) +(each ((sym '(htm noesc-fmt fmt esc escq escj str))) (test (catch (eval '(progn (with-html-output-to-string (out) @@ -462,3 +462,15 @@ (warning (x) t)) t)) + +;;; 42 +;;; Test escq +(test (with-html-output-to-string (out) + (:p (escq "'\"") (esc "'\""))) + "<p>'"'\"</p>") + +;;; 43 +;;; Test escj +(test (with-html-output-to-string (out) + (:script "var x = \"" (escj "\"</script>\t") "\"")) + "<script>var x = \"\\\"<\\/script>\\t\"</script>") @@ -90,7 +90,7 @@ ^(macrolet ((,warn (f . rest) ^(compile-warning ,f "not recommended in attribute expr"))) - (macrolet ,(collect-each ((sym '(htm noesc-fmt fmt esc str))) + (macrolet ,(collect-each ((sym '(htm noesc-fmt fmt esc escq escj str))) ^(,sym (:form f . rest) (,warn f) f)) ,form)))) @@ -259,6 +259,14 @@ (with-gensyms (result) ^(whenlet ((,result ,thing)) (put-string (html-encode* ,result) ,',var)))) + (escq (thing) + (with-gensyms (result) + ^(whenlet ((,result ,thing)) + (put-string (html-encode ,result) ,',var)))) + (escj (thing) + (with-gensyms (result) + ^(whenlet ((,result ,thing)) + (put-string [(tojson (tostringp ,result)) 1..-1] ,',var)))) (str (thing) (with-gensyms (result) ^(whenlet ((,result ,thing)) |