Unescaping attributes

57 views
Skip to first unread message

Yang Zhang

unread,
Oct 24, 2011, 8:17:36 PM10/24/11
to sca...@googlegroups.com
I'm trying to insert some unescaped attributes. This is for a
Javascript-interpreted attribute (via jQuery tmpl/knockout.js), where
"hello>0" is interpreted as the Javascript statements "hello & gt;
0".

I first tried:

td(data-bind="attr: {class: a() > b() ? 'green' : 'red'}")

But that gives me >, which as described above doesn't fly.

I then tried:

- escapeMarkup = false
td(data-bind="attr: {class: a() > b() ? 'green' : 'red'}")
- escapeMarkup = true

per https://groups.google.com/forum/#!topic/scalate/YjH8Ocb3abg, but
that didn't have any effect.

I then tried:

- escapeMarkup = false
td(data-bind={"attr: {class: a() > b() ? 'green' : 'red'}"})
- escapeMarkup = true

but that gave me a server-side parse error: Scalate doesn't match up
the braces properly (doesn't understand the nested quotes - seems like
a bug), so it coughs up:

`)' expected but `"' found

I finally tried:

- escapeMarkup = false
- val expr = "a() > b()"
td(data-bind={"attr: {class: " + expr + " ? 'green' : 'red'}"})
- escapeMarkup = true

This seems to work.

This was a bit of a bumpy experience and I'm still not sure this is
the best way to go about this. Any improvements?

BTW, along the way I found a potential extension to the Jade syntax
for unescaping attributes:

https://github.com/visionmedia/jade/issues/198

Also, is there anything akin to an "unescape block", so that instead of:

- escapeMarkup = false
...
- escapeMarkup = true

I can do something like this?

:unescape
... // this is still jade, so not looking for e.g. :plain

Thanks!

--
Yang Zhang
http://yz.mit.edu/

Yang Zhang

unread,
Oct 24, 2011, 8:27:55 PM10/24/11
to sca...@googlegroups.com

Oops, wrong snippet - that still didn't work. This is what I get for
using a simplified example that's different from my actual code (which
is too big to paste here).

I also tried:

- escapeMarkup = false
td{:data-bind => "attr: {class: a() > b() ? 'green' : 'red'}"}
- escapeMarkup = true

but that failed due to the "-" in "data-bind".

I had to capture the whole string including the braces. But anyway
you get the idea.

- escapeMarkup = false
- val expr = "attr: {class: a() > b() ? 'green' : 'red'}"
td(data-bind=attr)

Yang Zhang

unread,
Oct 24, 2011, 8:31:23 PM10/24/11
to sca...@googlegroups.com

Never mind, I jumped the gun - it still doesn't seem to be working.
`escapeMarkup = false` is having no effect on the ">". I'm lost. Any
pointers?

>
>>
>> This seems to work.
>>
>> This was a bit of a bumpy experience and I'm still not sure this is
>> the best way to go about this.  Any improvements?
>>
>> BTW, along the way I found a potential extension to the Jade syntax
>> for unescaping attributes:
>>
>> https://github.com/visionmedia/jade/issues/198
>>
>> Also, is there anything akin to an "unescape block", so that instead of:
>>
>> - escapeMarkup = false
>> ...
>> - escapeMarkup = true
>>
>> I can do something like this?
>>
>> :unescape
>>  ... // this is still jade, so not looking for e.g. :plain
>>
>> Thanks!
>>
>> --
>> Yang Zhang
>> http://yz.mit.edu/
>>
>
>
>
> --
> Yang Zhang
> http://yz.mit.edu/
>

Never mind,

James Strachan

unread,
Oct 25, 2011, 11:00:17 AM10/25/11
to sca...@googlegroups.com
On 25 October 2011 01:17, Yang Zhang <yangha...@gmail.com> wrote:
> I'm trying to insert some unescaped attributes. This is for a
> Javascript-interpreted attribute (via jQuery tmpl/knockout.js), where
> "hello&gt;0" is interpreted as the Javascript statements "hello & gt;
> 0".
>
> I first tried:
>
> td(data-bind="attr: {class: a() > b() ? 'green' : 'red'}")
>
> But that gives me &gt;, which as described above doesn't fly.
>
> I then tried:
>
> - escapeMarkup = false
> td(data-bind="attr: {class: a() > b() ? 'green' : 'red'}")
> - escapeMarkup = true
>
> per https://groups.google.com/forum/#!topic/scalate/YjH8Ocb3abg, but
> that didn't have any effect.
>
> I then tried:
>
> - escapeMarkup = false
> td(data-bind={"attr: {class: a() > b() ? 'green' : 'red'}"})
> - escapeMarkup = true
>
> but that gave me a server-side parse error: Scalate doesn't match up
> the braces properly (doesn't understand the nested quotes - seems like
> a bug), so it coughs up:

Yeah, there's a bug if you use a dynamic expression for an attribute
value - e.g. { ... } which inside the expression you use a String with
{ } inside; ideally the parser would gobble up whole strings and
ignore whats inside them etc.

We should fix that!
http://www.assembla.com/spaces/scalate/support/tickets/269


I've just checked in a sample template which generates the kinda thing
you want...
https://github.com/scalate/scalate/blob/master/samples/scalate-sample/src/main/webapp/jade/unescapedJS.jade#L5

its a little bit of a mouthful but the main thing is to generate an
Unescaped object with whatever text you need inside.

The output then generates...
<td foo="attr: {class: a() > b() ? 'green' : 'red'}">Something</td>

i.e. without any escaping of the attribute value.

I guess we should provide some syntax for specifying attribute values
which are not escaped?
I wonder if we could borrow something from filters...

td(foo=&"attr: {class: a() > b() ? 'green' : 'red'}")

or something like that? To basically wrap the attribute value in
Unescaped(value) so that we don't escape any of the special characters
in the attribute value

--
James
-------
FuseSource
Email: ja...@fusesource.com
Web: http://fusesource.com
Twitter: jstrachan, fusenews
Blog: http://macstrac.blogspot.com/

Open Source Integration and Messaging

Yang Zhang

unread,
Oct 25, 2011, 2:41:16 PM10/25/11
to sca...@googlegroups.com

Cool, Unescaped is just what I sought. (Should add a mention to the docs!)

>
> I guess we should provide some syntax for specifying attribute values
> which are not escaped?
> I wonder if we could borrow something from filters...
>
> td(foo=&"attr: {class: a() > b() ? 'green' : 'red'}")
>
> or something like that? To basically wrap the attribute value in
> Unescaped(value) so that we don't escape any of the special characters
> in the attribute value

Looks fine to me. :)

A follow-up question is what the scope of `escapeMarkup = false` is.
Does that just affect non-attribute (element body) substitutions?

>
> --
> James
> -------
> FuseSource
> Email: ja...@fusesource.com
> Web: http://fusesource.com
> Twitter: jstrachan, fusenews
> Blog: http://macstrac.blogspot.com/
>
> Open Source Integration and Messaging
>

--
Yang Zhang
http://yz.mit.edu/

Reply all
Reply to author
Forward
0 new messages