[Zope] prevent quoting in tal:attributes

Milos Prudek prudek at bvx.cz
Sat Sep 13 09:02:38 EDT 2003


> Yes, that displays the __source__, not the parsed result.  When the
> browser parses the source, it replaces the entity with its replacement
> text.  The javascript engine gets the value after that.

Tom,

You were right, and I was wrong.

It turned out that the problem was JavaScript. I included it from
another document via <script ... tal:content="here/myscript">, and I
should have used <script ... tal:content="structure here/myscript">. Not
using "structure" meant that many characters such as "<" and ">" were
escaped, and browsers cannot deal with that.

To sum it up, HTML entities are allowed and work in HTML attributes, but
they are NOT allowed in JavaScript source.

Still, the automatic escaping in tal:attributes obfuscates the HTML, and
I hate that, but at least it works.

Thank you very much, Tom!

-- 
Milos Prudek
_________________
Most websites are
confused chintzy gaudy conflicting tacky unpleasant... unusable.
Learn how usable YOUR website is! http://www.spoxdesign.com
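
The behaviour described in the message above, as an added example that is not part of the original post: an HTML parser decodes entities in attribute values but passes the text inside <script> through untouched. It uses Python's html.parser as a stand-in for the browser and html.escape as a model of TAL's escaping; JS_SOURCE, Collector and parse are names made up for this illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: JavaScript as it might be stored in the included document.
JS_SOURCE = 'if (a < b && b > 0) { alert("ok"); }'


class Collector(HTMLParser):
    """Records decoded attribute values and the text found inside <script>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.attrs = {}
        self.script_text = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            self.attrs[(tag, name)] = value

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)


def parse(js, structure):
    """Build a page the way the two TAL forms would, then parse it.

    structure=False models tal:content="here/myscript" (text is escaped);
    structure=True models tal:content="structure here/myscript" (inserted raw).
    The onclick attribute is always escaped, as tal:attributes does.
    Returns (onclick value seen by the parser, script text seen by the parser).
    """
    body = js if structure else escape(js, quote=False)
    page = ('<a href="#" onclick="%s">x</a><script>%s</script>'
            % (escape(js, quote=True), body))
    collector = Collector()
    collector.feed(page)
    collector.close()
    return collector.attrs[("a", "onclick")], "".join(collector.script_text)
```

With structure=False the script text still contains &lt; and &amp;, which is what the JavaScript engine would be handed, while the onclick value comes back as the original source in both cases. Because "structure" turns escaping off, it is only appropriate for content that is trusted, since whatever the included document contains is emitted as markup.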




