On May 20, 2013, at 2:44 AM, Marius Gedminas <[email protected]> wrote: > On Mon, May 20, 2013 at 02:21:05AM -0400, Donald Stufft wrote: >> >> On May 20, 2013, at 2:18 AM, Lennart Regebro <[email protected]> wrote: >> >>> On Sun, May 19, 2013 at 10:20 PM, Donald Stufft <[email protected]> wrote: >>>> Hrm, ZPT doesn't seem to be stripping the CDATA or unescaping the strings? >>>> >>>> https://gist.github.com/dstufft/5608838 is what i have in the template >>>> file and that appears verbatim in the output? >>> >>> Yes? It will escape *data* inserted into the template (unless told not >>> to), but what is in the template will appear in the output unescaped. >>> I'm not sure how any template system can work otherwise, but perhaps >>> I've been using Zope too long. :-) >>> >>> //Lennart >> >> Maybe you can tell me what I'm doing wrong? > > Using zope.pagetemplate. ;) > > More seriously, zope.pagetemplate has two parsing modes: HTML and XML. > Nobody actually uses the XML mode (pt files start with an <?xml?> > declaration, all tal/metal namespaces must be explicitly defined using > xmlns:tal=url-that-nobody-can-remember). The HTML mode allows you to > write Javascript just like you would do it in a browser, with no extra > XML-quoting: > > <script type="text/javascript> > if (1 < 2) alert("it works!"); > </script> > > Does this not work for you? I'm currently looking at a Zope3 app that > does precisely this in its working page templates. > >> I need to insert a <script> tag with Javascript in it. Tres told me to >> put the contents of the script tag in CDATA blocks which I did, and >> then when the template was rendered it still had the CDATA blocks so >> it was invalid javascript. > > I seem to recall hacks of the form > > <script ...> > // <![CDATA[ > ... > // ]]> > </script> > > but I haven't seen one in a really long time.
Using this works though, so awesome! > >> He also said to just put the javascript in the body of the script but >> xml escape it. Which I did, and when the template was rendered the >> data was still xml escaped and again invalid javascript. > > I think scripts in XHTML were supposed to be XML-escaped. AFAIU > zope.pagetemplate was designed back when XHTML was supposed to be The > Bright Future of the Web. > > Marius Gedminas > -- > Always proofread carefully to see if you any words out. > _______________________________________________ > Distutils-SIG maillist - [email protected] > http://mail.python.org/mailman/listinfo/distutils-sig ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
