Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: Template-output quoting (Warning: Contains JavaScript)

by tachyon (Chancellor)
on Dec 10, 2002 at 14:50 UTC ( #218793=note: print w/replies, xml ) Need Help??


in reply to Template-output quoting (Warning: Contains JavaScript)

But if the template code expands into "Hello Fred's World" then you'll get a syntax error as the apostrophe in Fred's is interpreted as the end of the string.

Ah, uhm, I don't think so. 'field' is a string literal not an interpolated variable.....Anyway here is some code that proves the point and shows you how to do s/this/that/g in javascript

<script> var problem = "O'dear"; document.write( 'problem' + "<br>\n" ); problem = problem.replace( /'/g, "\\'" ); document.write( 'still' + ' no ' + problem ); </script> __DATA__ problem<BR> still no O\'dear

Now I just have to log off, log on as my alter ego and downvote myself for contaminating the hallowed ground of PM.....It was only 4 lines. Hopefully the gods will be kind.

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

Replies are listed 'Best First'.
Re: Re: Template-output quoting (Warning: Contains JavaScript)
by perlcgi (Hermit) on Dec 11, 2002 at 10:34 UTC
    Dear dingus and tachyon, (and anyone else whose listening),
    Thanks for taking the trouble to respond and for pointing out how the regex expertise we lean form perl can easily be taken to JavaScript. ( I guess the same is true now for Java and C#).
    Anyways, my problem remains, perhaps because I have not explained the problem properly - the template codes can expand to any arbitrary string - so for example the template could expand to a string like:
    Larry said "Let there be light"; Bill swallowed hard.
    This gives a runtime error on my IE5.5 with JS debugging turned on. e.g.
    var problem = "Larry said "Let there be light"; Bill swallowed hard";
    Do you get my problem? Maybe it's impossible without opening the black-box.
    Thanks again for any suggestions, guys.
    perlcgi

      From what you are saying the way that the templating system is working is to arbirarily insert vars into the HTML as a pre-process. As such it can arbitrarily break your javascript before it can run. In this case by far the easiest solution, in fact probably the only solution will be to attack the source and send correctly escaped strings s/([^\w])/\\$1/g;

      The only other possible solution that occurs to me is trick the javascript thusly (pseudo code)

      <script> /* <VAR1> $var1 </VAR1> <VAR2> $var2 </VAR2> */ // now provided $var1 and $var2 did not contain the */ sequence // we should have all their values in pseudo XML within our // script. so now all we need to do is read the comment // somehow (don't know how but document.me.content.value or some // such probably holds the entire HTML text) and then use some regex // magic to extract the values we want // begin magic... </script>

      We trick the javacript to thinking that

      cheers

      tachyon

      s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

        Wow!
        Absolutely great idea, tachyon. Thank you! This is exactly the type of solution I was looking for.
        You are thinking outside the box!
        Wicked!
         xp++
        Take care in those flying machines,
        perlcgi.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://218793]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (6)
As of 2023-02-07 18:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I prefer not to run the latest version of Perl because:







    Results (40 votes). Check out past polls.

    Notices?