Do you ever escape single quotes in Template Toolkit for necessary JavaScript handlers? If so, how do you do it?
[% SET s = "A'B'C" %]
<a href="/abc.html" onclick="popup('[% s | html_entity %]')">ABC</a>
html_entity obviously doesn’t work because it only handles the double quote. So how do you do it?
I don’t use the inlined event handlers, for the same reason I refuse to use the style attribute for CSS. jQuery just makes it too easy to do class="foo" on the HTML and $('.foo').click( function () {} ) in an external .js file. But, for the purpose of doing my best to answer this question, check out these docs on Template::Filter for the ones in core. It seems as if you could do [% s | replace( "'", "\\'" ) %] to escape single quotes. Or you could probably write a more complex sanitizing JavaScript parser that permits only function calls, and make your own Template::Filter.
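The custom Template::Filter route the answer mentions, worked through as an added example that is not code from the question, the answer, or Template Toolkit itself. It registers a static filter (the name `js_string` is my choice) that escapes a value for a JavaScript string literal sitting inside an HTML event-handler attribute, and runs it against the question's own template and against two constructed hostile values; `popup()` is the function from the question, and the `quote_only` filter is simply the answer's replace() idea written out in Perl so the two can be compared. It assumes the Template module is installed.

```perl
#!/usr/bin/perl
# Added example: a Template Toolkit filter for values placed inside a
# JavaScript string literal inside an HTML attribute (onclick="popup('...')").
use strict;
use warnings;
use Template;

# Hardened filter: every character outside [A-Za-z0-9] becomes \xHH (or \uHHHH
# for code points above 0xFF, with a UTF-16 surrogate pair above U+FFFF).
# The result contains only letters, digits and backslashes, so nothing in it can
# terminate the JS string (no quote, backslash or newline survives) and nothing
# in it can be changed by the HTML attribute parser, which decodes the attribute
# value before the JavaScript parser ever sees it (no '&' survives, so no
# character reference can be smuggled through).
sub js_string_escape {
    my $text = shift;
    $text = '' unless defined $text;
    $text =~ s{([^A-Za-z0-9])}{
        my $cp = ord $1;
          $cp <= 0xFF   ? sprintf('\\x%02X', $cp)
        : $cp <= 0xFFFF ? sprintf('\\u%04X', $cp)
        : sprintf('\\u%04X\\u%04X',
                  0xD800 + (($cp - 0x10000) >> 10),
                  0xDC00 + (($cp - 0x10000) & 0x3FF))
    }ge;
    return $text;
}

# The answer's suggestion as a filter, for comparison: only the single quote
# itself is escaped, so backslashes and HTML character references pass through.
sub naive_quote_escape {
    my $text = shift;
    $text = '' unless defined $text;
    $text =~ s/'/\\'/g;
    return $text;
}

# Static filters take the text as their only argument and return the new text.
my $tt = Template->new({
    FILTERS => {
        js_string  => \&js_string_escape,
        quote_only => \&naive_quote_escape,
    },
}) or die Template->error;

# The template from the question, with the custom filter in place of html_entity.
my $template = <<'TT';
[% SET s = "A'B'C" %]
<a href="/abc.html" onclick="popup('[% s | js_string %]')">ABC</a>
TT

$tt->process(\$template, {}, \my $page) or die $tt->error;
print $page;

# Two constructed hostile values. The first ends its prefix with a backslash, so
# the backslash that quote_only inserts is itself escaped and the quote stays
# live. The second contains no literal quote at all; the browser decodes &#39;
# to ' while parsing the attribute, before the handler is compiled as JS.
# js_string turns every offending character in both into an inert \xHH.
my @hostile = (
    q{\'); alert(document.cookie); //},
    q{&#39;); alert(document.cookie); //},
);
my $compare = <<'TT';
quote_only: onclick="popup('[% v | quote_only %]')"
js_string:  onclick="popup('[% v | js_string %]')"
TT
for my $v (@hostile) {
    $tt->process(\$compare, { v => $v }, \my $out) or die $tt->error;
    print $out;
}
```

For the question's `A'B'C` the rendered handler is `popup('A\x27B\x27C')`, which the browser's attribute parser leaves untouched and the JavaScript parser reads back as the original string. Because the filter's output contains no HTML-significant characters, adding `| html_entity` after it is a no-op, so the two can be stacked (JavaScript escaping first, HTML encoding second) wherever a site's policy requires every attribute value to pass through html_entity.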