
2 May 2008, 1:36 p.m.
On May 2, 2008, at 5:10 AM, Leslie P. Polzer wrote:
Why do you need to do that?
You don't need to escape after that point. You can just directly put the string (or any other lisp expression) as the argument to fmt.
Assume a malicious string ("<html>" in this case):
WHO[8]> (with-html-output (*standard-output*) (fmt "<~A>" "<html>"))
<<html>>
NIL
WHO[9]> (with-html-output (*standard-output*) (fmt "<~A>" (escape-string "<html>")))
<<html>>
NIL
Why don't you use escape-string directly instead then? Like in your example. Why use esc at all?
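
An added example, not part of the original message or of CL-WHO's own code, of the point under discussion: fmt writes its arguments as-is, while wrapping the argument in escape-string or using esc yields the same escaped markup. It assumes Quicklisp is available to load CL-WHO; the package name escape-demo, the render-* function names and the "Hello" template are hypothetical, and the sample string is the one from the thread.

```lisp
;; Assumption: Quicklisp is installed; load this file with (load "escape-demo.lisp").
(ql:quickload :cl-who)

(defpackage :escape-demo
  (:use :cl :cl-who))
(in-package :escape-demo)

;; The "malicious" string used in the thread.
(defparameter *untrusted* "<html>")

(defun render-raw (s)
  "fmt is plain FORMAT onto the HTML stream: S reaches the page unescaped."
  (with-html-output-to-string (out)
    (:p (fmt "Hello ~A" s))))

(defun render-fmt-escaped (s)
  "Escape the argument before fmt sees it."
  (with-html-output-to-string (out)
    (:p (fmt "Hello ~A" (escape-string s)))))

(defun render-esc (s)
  "esc calls escape-string on its argument and writes the result."
  (with-html-output-to-string (out)
    (:p "Hello " (esc s))))

(defun markup-survives-p (html)
  "True when the untrusted tag appears verbatim in the rendered HTML."
  (not (null (search *untrusted* html))))

(defun check ()
  (let ((raw (render-raw *untrusted*))
        (via-fmt (render-fmt-escaped *untrusted*))
        (via-esc (render-esc *untrusted*)))
    ;; Unescaped fmt lets the tag through to the browser.
    (assert (markup-survives-p raw))
    ;; Both escaping routes neutralise it and agree with each other.
    (assert (not (markup-survives-p via-fmt)))
    (assert (not (markup-survives-p via-esc)))
    (assert (string= via-fmt via-esc))
    (format t "raw:     ~A~%fmt+escape-string: ~A~%esc:     ~A~%"
            raw via-fmt via-esc)
    t))

(check)
```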