Re: Template-output quoting (Warning: Contains JavaScript)

But if the template code expands into "Hello Fred's World" then you'll get a syntax error as the apostrophe in Fred's is interpreted as the end of the string.

Ah, uhm, I don't think so. 'field' is a string literal not an interpolated variable.....Anyway here is some code that proves the point and shows you how to do s/this/that/g in javascript

<script>
var problem    = "O'dear";
document.write( 'problem' + "<br>\n" );
problem = problem.replace( /'/g, "\\'" );
document.write( 'still' + ' no ' + problem );
</script>
__DATA__
problem<BR>
still no O\'dear
[download]

Now I just have to log off, log on as my alter ego and downvote myself for contaminating the hallowed ground of PM.....It was only 4 lines. Hopefully the gods will be kind.

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

Comment on Re: Template-output quoting (Warning: Contains JavaScript) Download Code

Replies are listed 'Best First'.
Re: Re: Template-output quoting (Warning: Contains JavaScript) by perlcgi (Hermit) on Dec 11, 2002 at 10:34 UTC
Dear dingus and tachyon, (and anyone else whose listening), Thanks for taking the trouble to respond and for pointing out how the regex expertise we lean form perl can easily be taken to JavaScript. ( I guess the same is true now for Java and C#). Anyways, my problem remains, perhaps because I have not explained the problem properly - the template codes can expand to any arbitrary string - so for example the template could expand to a string like: Larry said "Let there be light"; Bill swallowed hard. This gives a runtime error on my IE5.5 with JS debugging turned on. e.g. `var problem = "Larry said "Let there be light"; Bill swallowed hard";` [download] Do you get my problem? Maybe it's impossible without opening the black-box. Thanks again for any suggestions, guys. perlcgi	[reply] [d/l]
Re: Re: Re: Template-output quoting (Warning: Contains JavaScript) by tachyon (Chancellor) on Dec 11, 2002 at 11:19 UTC
From what you are saying the way that the templating system is working is to arbirarily insert vars into the HTML as a pre-process. As such it can arbitrarily break your javascript before it can run. In this case by far the easiest solution, in fact probably the only solution will be to attack the source and send correctly escaped strings `s/([^\w])/\\$1/g;` The only other possible solution that occurs to me is trick the javascript thusly (pseudo code) `<script> /* <VAR1> $var1 </VAR1> <VAR2> $var2 </VAR2> / // now provided $var1 and $var2 did not contain the / sequence // we should have all their values in pseudo XML within our // script. so now all we need to do is read the comment // somehow (don't know how but document.me.content.value or some // such probably holds the entire HTML text) and then use some regex // magic to extract the values we want // begin magic... </script>` [download] We trick the javacript to thinking that cheers tachyon s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print	[reply] [d/l] [select]
Re: Re: Re: Re: Template-output quoting (Warning: Contains JavaScript) by perlcgi (Hermit) on Dec 11, 2002 at 12:49 UTC
Wow! Absolutely great idea, tachyon. Thank you! This is exactly the type of solution I was looking for. You are thinking outside the box! Wicked! `xp++` Take care in those flying machines, perlcgi.	[reply] [d/l]


laziness, impatience, and hubris
	PerlMonks