guile-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: avoid character encoding/escaping in sxml->xml or htmlprag's sxml->h

From: Aleix Conchillo Flaqué
Subject: Re: avoid character encoding/escaping in sxml->xml or htmlprag's sxml->html
Date: Sat, 20 Aug 2022 17:05:22 -0700
Hi Maxime,

On Sat, Aug 20, 2022 at 2:48 PM Maxime Devos <maximedevos@telenet.be> wrote:
>
> The GuileScript looks nice, for interested readers, see <https://github.com/aconchillo/guilescript>
>
> On 20-08-2022 21:59, Aleix Conchillo Flaqué wrote:
>
> However, I'm not able to find a way to avoid character encoding/escaping and the generated code inside <script> will always have "&lt;", etc. And <script> is a place where encodings can be avoided. This is true for both Guile and guile-lib's (htmlprag), even though htmlprag's escapes less characters (e.g. double quotes).
>
> One way I found to solve this was to have <script src="" and then have a handler for fib.js that would just return the transpiled string. But it's not as nice, it's extra work and it's also an additional roundtrip to the server.
>
> Has anyone ran into this issue? Would is make sense to add a keyword argument to (sxml->xml)? For example, (sxml->xml SXML PORT #:escape #f).
>
> > Having unescaped < in <script>...</script> does not seem valid XML to me.
>

According to the spec, embedding inline content in the <script> tag should conform to the language defined by the "type" attribute (defaults to _javascript_). So, I would expect you could put any string that conforms to JS.

"""
When used to include dynamic scripts, the scripts may either be embedded inline or may be imported from an external file using the src attribute. If the language is not that described by "text/_javascript_", then the type attribute must be present, as described below. Whatever language is used, the contents of the script element must conform with the requirements of that language's specification
"""

> Does escaping &lt; actually cause problems?  If so, you could look into declaring your web page as XHTML, with an appropriate doctype and Content-Type.
>
> I would expect XHTML to accept &lt; and reject unescaped <, being XML and not the messy syntax of HTML, but it's not something I have tried out myself.
>

It does, browsers (at least Chrome) don't interpret that correctly, since it's not valid _javascript_.

In any case, I just went by using my work around of loading the JS as a separate file:

https://github.com/aconchillo/guilescript/blob/master/examples/fibonacci-server.scm

Best,

Aleix
reply via email to
[Prev in Thread] Current Thread [Next in Thread]