From 01bf1850a916938a5c3a5bceea49ab68b8205dc5 Mon Sep 17 00:00:00 2001 From: Kaz Kylheku Date: Tue, 30 May 2023 19:54:47 -0700 Subject: Add escq and escj local macros. The escq macro provides HTML escaping for the apostrophe and double quote also, whereas esqj is for escaping material to be put into a Javascript literal. * packages.tl (tl-who): New symbols escq and escj. * who.tl (attr-warning-macrolet): Add escq and escq to list of WHO local macros that are not warned about if they occur in attributes. (with-html-output): Add escq and escj. * test/simple.tl: Test 41 updated to include escq and escj. New tests 42 and 43. * README.md: Mention escq and escj. --- README.md | 6 ++++++ packages.tl | 2 ++ test/simple.tl | 14 +++++++++++++- who.tl | 10 +++++++++- 4 files changed, 30 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2cfa042..a4baa48 100644 --- a/README.md +++ b/README.md @@ -186,6 +186,12 @@ Here are the differences to be aware of: * TL-WHO provides a `noesc-fmt` which doesn't HTML-escape. +* TL-WHO provides `escq` and `escj` local macros. `escq` is like `esc` + but also HTML-escapes the ASCII apostrophe and double quote. + `escj` escapes a string such that it can be safely interpolated into + a Javascript string literal, which is itself embedded in a HTML + `script` tag. + Additionally, users (of CL-WHO and TL-WHO alike) are advised to watch for the following issue: the CL-WHO documentation is not accurately maintained and makes some references to material that no longer exists in CL-WHO, such as the diff --git a/packages.tl b/packages.tl index 8aa93d6..bad0c40 100644 --- a/packages.tl +++ b/packages.tl @@ -39,6 +39,8 @@ "convert-attributes" "convert-tag-to-string-list" "esc" + "escq" + "escj" "fmt" "htm" "html-mode" diff --git a/test/simple.tl b/test/simple.tl index b9d1a65..8b8cb50 100644 --- a/test/simple.tl +++ b/test/simple.tl 
@@ -453,7 +453,7 @@ ;;; 41 ;;; Test that warning is produced when any of the WHO local macros are used in ;;; an Lisp expression that calculates an attribute -(each ((sym '(htm noesc-fmt fmt esc str))) +(each ((sym '(htm noesc-fmt fmt esc escq escj str))) (test (catch (eval '(progn (with-html-output-to-string (out) @@ -462,3 +462,15 @@ (warning (x) t)) t)) + +;;; 42 +;;; Test escq +(test (with-html-output-to-string (out) + (:p (escq "'\"") (esc "'\""))) + "

'"'\"

") + +;;; 43 +;;; Test escj +(test (with-html-output-to-string (out) + (:script "var x = \"" (escj "\"\t") "\"")) + "") diff --git a/who.tl b/who.tl index 8ec502d..5faf319 100644 --- a/who.tl +++ b/who.tl @@ -90,7 +90,7 @@ ^(macrolet ((,warn (f . rest) ^(compile-warning ,f "not recommended in attribute expr"))) - (macrolet ,(collect-each ((sym '(htm noesc-fmt fmt esc str))) + (macrolet ,(collect-each ((sym '(htm noesc-fmt fmt esc escq escj str))) ^(,sym (:form f . rest) (,warn f) f)) ,form)))) @@ -259,6 +259,14 @@ (with-gensyms (result) ^(whenlet ((,result ,thing)) (put-string (html-encode* ,result) ,',var)))) + (escq (thing) + (with-gensyms (result) + ^(whenlet ((,result ,thing)) + (put-string (html-encode ,result) ,',var)))) + (escj (thing) + (with-gensyms (result) + ^(whenlet ((,result ,thing)) + (put-string [(tojson (tostringp ,result)) 1..-1] ,',var)))) (str (thing) (with-gensyms (result) ^(whenlet ((,result ,thing)) -- cgit v1.2.3
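Review bot: Test 43 exercises `escj` only with a double quote and a tab, so the property the README promises (safe interpolation into a literal inside a `script` element) is not pinned by any test. I would add a case whose input contains `</script>` and one containing a backslash and a newline, under the same `(:script "var x = \"" (escj ...) "\"")` form, with the expected strings taken from a run of the library. That would record whether the JSON encoder neutralises the end tag and keeps the literal on one line. The expected strings of tests 42 and 43 appear to have lost their markup in this rendering, so their exact values cannot be checked from here.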
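Review bot: `escj` as added in the second who.tl hunk is only safe between double quotes. It emits the body of a JSON string (the `tojson` output with its first and last character sliced off by `1..-1`), and JSON encoding leaves the apostrophe and the backtick untouched, so a value placed in a single-quoted or template literal is not escaped for that context. The README sentence says "a Javascript string literal" without that restriction. I would add a comment above the macro such as `;; escj: only for a double-quoted JS literal inside a <script> element; not for single-quoted or template literals, nor HTML attribute values` and tighten the README wording to match. Whether `</script>` or `<!--` in the data is neutralised depends on what `tojson` emits, which is not visible in this hunk; the enclosing `macrolet` also starts and ends outside it.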