On Apr 30, 2013, at 11:47 AM, Stas Boukarev wrote:

Ron Garret <ron@flownet.com> writes:

...

? (with-html-output-to-string (s) ((:a :href (esc "XXX")) (esc "YYY"))) "<aXXX href='XXX'>YYY</a>"

My actual use case is:

(:a :onclick (esc "f('str')"))

This is CL-WHO 1.1.1 acquired through quicklisp. That's not a bug, the attributes don't need STR or ESC. (with-html-output-to-string (s) ((:a :href (escape-string "XXX")) (esc "YYY")))

Well, they need something if you want to embed a single-quoted string inside them: ? (with-html-output-to-string (s) ((:input :type :button :onclick "alert('foo')"))) "<input type='BUTTON' onclick='alert('foo')' />" rg

On Apr 30, 2013, at 12:13 PM, Jens Teich wrote:

Am 30.04.13 21:02, schrieb Ron Garret:

...

On Apr 30, 2013, at 11:47 AM, Stas Boukarev wrote:

...

Ron Garret <ron@flownet.com> writes:

...

? (with-html-output-to-string (s) ((:a :href (esc "XXX")) (esc "YYY"))) "<aXXX href='XXX'>YYY</a>"

My actual use case is:

(:a :onclick (esc "f('str')"))

This is CL-WHO 1.1.1 acquired through quicklisp. That's not a bug, the attributes don't need STR or ESC. (with-html-output-to-string (s) ((:a :href (escape-string "XXX")) (esc "YYY")))

Well, they need something if you want to embed a single-quoted string inside them:

? (with-html-output-to-string (s) ((:input :type :button :onclick "alert('foo')"))) "<input type='BUTTON' onclick='alert('foo')' />"

You need parenscript

:onclick (ps (alert ...))

No, that won't help. PS just produces the same troublesome string: ? (parenscript::ps (alert "foo")) "alert('foo');" ? (with-html-output-to-string (s) ((:input :type :button :onclick (parenscript::ps (alert "foo"))))) "<input type='BUTTON' onclick='alert('foo');' />"

On Apr 30, 2013, at 12:33 PM, Jens Teich wrote:

Am 30.04.2013 21:19, schrieb Ron Garret:

...

On Apr 30, 2013, at 12:13 PM, Jens Teich wrote:

...

Am 30.04.13 21:02, schrieb Ron Garret:

...

On Apr 30, 2013, at 11:47 AM, Stas Boukarev wrote:

...

Ron Garret <ron@flownet.com> writes:

...

? (with-html-output-to-string (s) ((:a :href (esc "XXX")) (esc "YYY"))) "<aXXX href='XXX'>YYY</a>"

My actual use case is:

(:a :onclick (esc "f('str')"))

This is CL-WHO 1.1.1 acquired through quicklisp. That's not a bug, the attributes don't need STR or ESC. (with-html-output-to-string (s) ((:a :href (escape-string "XXX")) (esc "YYY")))

Well, they need something if you want to embed a single-quoted string inside them:

? (with-html-output-to-string (s) ((:input :type :button :onclick "alert('foo')"))) "<input type='BUTTON' onclick='alert('foo')' />" You need parenscript

:onclick (ps (alert ...)) No, that won't help. PS just produces the same troublesome string:

? (parenscript::ps (alert "foo")) "alert('foo');" ? (with-html-output-to-string (s) ((:input :type :button :onclick (parenscript::ps (alert "foo"))))) "<input type='BUTTON' onclick='alert('foo');' />"

(setq ps:*js-string-delimiter* #\" )

Ooh! So close! Turns out this exposes a bug in parenscript: ? (setq ps:*js-string-delimiter* #\" ) #\" ? (princ (ps:ps (alert "'\""))) alert("\'""); "alert(\"\\'\"\");" But I guess this is close enough for my current needs. Thanks! rg

Quoth Ron Garret <ron@flownet.com>:

On Apr 30, 2013, at 11:47 AM, Stas Boukarev wrote:

...

Ron Garret <ron@flownet.com> writes:

...

? (with-html-output-to-string (s) ((:a :href (esc "XXX")) (esc "YYY"))) "<aXXX href='XXX'>YYY</a>"

My actual use case is:

(:a :onclick (esc "f('str')"))

This is CL-WHO 1.1.1 acquired through quicklisp. That's not a bug, the attributes don't need STR or ESC. (with-html-output-to-string (s) ((:a :href (escape-string "XXX")) (esc "YYY")))

Well, they need something if you want to embed a single-quoted string inside them:

? (with-html-output-to-string (s) ((:input :type :button :onclick "alert('foo')"))) "<input type='BUTTON' onclick='alert('foo')' />"

You have a choice. You can either stick with single quotes around foo and change *attribute-quote-char* to double quotes, or leave *attribute-quote-char* as it is and use double quotes around foo.