Hi Chris

>Presumably you use DBI to get the data from your database. DBI provides
>an "escape the quotes" operation for strings containing single quotes.
>You could perhaps use that to process your data prior to giving it to 
>H::T

Do you mean the 'neat' or 'quote' methods of DBI?

'neat' doesn't escape single quotes contained within a string.
'quote' does escape them but with another single quote and anyway is for
tidying data for input.  At least, that is how I understand it.

>Interesting. Looks like an escape=quotemeta may be in order here. This 
>seems like something others might encounter at some point, so maybe it 
>should be added to HTML::Template.

Unless I'm missing something, I agree with you Philip.


If I have a template like this:

tmpl_str = "It's a wonderful life";

<button onclick="javascript: js_str='<tmpl_var
name="tmpl_str">';"><tmpl_var name="tmpl_str"></button>



I end up with HTML like this:

<button onclick="javascript: js_str='It's a wonderful life';">It's a
wonderful life</button>

The js_str is obviously broken but the inline text of the <button> is
fine.

I have thought about prepping my data before sending it to htmltmpl and
will obviously have to do that if I can't find a neat workaround.  It's
going to be a pain though.  I either extract an escaped and unescaped
version of the same value from my db or mash the dataset around before
passing it on to htmltmpl.  To my mind it is the placement of the
<tmpl_var> that is the deciding factor on whether to escape or not.  In
which case I would like to be able to say <tmpl_var escape=quote> or
some such syntax. 

Cheers

Glenn
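
The placement-dependent escaping described above, as an added example that is not part of the original message or of HTML::Template itself. The helper js_attr_escape and the second template variable js_str are hypothetical names; the value is escaped for the JavaScript string first and for the HTML attribute second, because the browser decodes HTML entities before the script runs, so HTML escaping alone would still leave a bare quote in the string.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Template;

# Hypothetical helper (not part of HTML::Template): make a value safe inside a
# quoted JavaScript string literal that itself sits inside an HTML attribute.
sub js_attr_escape {
    my ($s) = @_;

    # Step 1: JavaScript string context. Backslash must be handled first,
    # otherwise the backslashes added for the quotes would be doubled.
    $s =~ s/\\/\\\\/g;
    $s =~ s/'/\\'/g;
    $s =~ s/"/\\"/g;
    $s =~ s/\r/\\r/g;
    $s =~ s/\n/\\n/g;

    # Step 2: HTML attribute context. The browser undoes this layer before
    # the JavaScript engine sees the text, leaving the step 1 escapes intact.
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;

    return $s;
}

# Same button as in the message, with one variable per output context:
# js_str is pre-escaped by the helper, tmpl_str uses the built-in HTML escape.
my $template_text = <<'END_TMPL';
<button onclick="js_str='<tmpl_var name="js_str">';"><tmpl_var name="tmpl_str" escape="html"></button>
END_TMPL

# Sample values: the string from the message plus a constructed one that
# also contains a double quote, a backslash and markup characters.
my @values = (
    "It's a wonderful life",
    qq{5" disk \\ <b>it's</b> & more},
);

for my $value (@values) {
    my $t = HTML::Template->new(scalarref => \$template_text);
    $t->param(
        tmpl_str => $value,                  # element text: HTML escape only
        js_str   => js_attr_escape($value),  # JS string inside an attribute
    );
    print $t->output;
}
```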





Html-template-users mailing list
https://lists.sourceforge.net/lists/listinfo/html-template-users