On 21 April 2010 16:44, Travis Basevi <[email protected]> wrote: > Yes, I know that solution, but lets say the text comes from a database > or some other source rather than being hardcoded in the template. Is > there a more general/correct solution than something along the lines of: > > b.replace('_err_', a.replace('$','\$')); > > or its correct equivalent - figuring out what backslashes are needed > there makes my head hurt! > > On 21/04/2010 16:30, Andy Wardley wrote: >> On 21/04/2010 14:51, Travis Basevi wrote: >>> [% >>> a = 'this problem will cost me $50 million to fix'; >>> b = 'WARNING:_err_'; >>> b.replace('_err_', a); >>> %] >> >> The '$50' is being interpreted as a back-reference to the 50th >> set of capturing parens (of which there are none). >> >> Escaping the '$' with a backslash will fix it: >> >> a = 'this problem will cost me \$50 million to fix'; >> >> Problem solved! How do I claim my $50 million? :-) >> >> A >> >> You have to escape the data coming from the database before you use it. Not sure how you would do that for this case but consider the data tainted until you have.
Regards Lesley _______________________________________________ templates mailing list [email protected] http://mail.template-toolkit.org/mailman/listinfo/templates
