guile-user
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: avoid character encoding/escaping in sxml->xml or htmlprag's sxml->h


From: Aleix Conchillo Flaqué
Subject: Re: avoid character encoding/escaping in sxml->xml or htmlprag's sxml->html
Date: Sat, 20 Aug 2022 17:05:22 -0700

Hi Maxime,

On Sat, Aug 20, 2022 at 2:48 PM Maxime Devos <maximedevos@telenet.be> wrote:
>
> The GuileScript looks nice, for interested readers, see <
https://github.com/aconchillo/guilescript>
>
> On 20-08-2022 21:59, Aleix Conchillo Flaqué wrote:
>
> However, I'm not able to find a way to avoid character encoding/escaping
and the generated code inside <script> will always have "&lt;", etc. And
<script> is a place where encodings can be avoided. This is true for both
Guile and guile-lib's (htmlprag), even though htmlprag's escapes less
characters (e.g. double quotes).
>
> One way I found to solve this was to have <script src="fib.js"> and then
have a handler for fib.js that would just return the transpiled string. But
it's not as nice, it's extra work and it's also an additional roundtrip to
the server.
>
> Has anyone ran into this issue? Would is make sense to add a keyword
argument to (sxml->xml)? For example, (sxml->xml SXML PORT #:escape #f).
>
> > Having unescaped < in <script>...</script> does not seem valid XML to
me.
>

According to the spec, embedding inline content in the <script> tag should
conform to the language defined by the "type" attribute (defaults to
javascript). So, I would expect you could put any string that conforms to
JS.

"""
When used to include dynamic scripts, the scripts may either be embedded
inline or may be imported from an external file using the src attribute. If
the language is not that described by "text/javascript", then the type
attribute must be present, as described below. Whatever language is used,
the contents of the script element must conform with the requirements of
that language's specification
"""

> Does escaping &lt; actually cause problems?  If so, you could look into
declaring your web page as XHTML, with an appropriate doctype and
Content-Type.
>
> I would expect XHTML to accept &lt; and reject unescaped <, being XML and
not the messy syntax of HTML, but it's not something I have tried out
myself.
>

It does, browsers (at least Chrome) don't interpret that correctly, since
it's not valid JavaScript.

In any case, I just went by using my work around of loading the JS as a
separate file:

https://github.com/aconchillo/guilescript/blob/master/examples/fibonacci-server.scm

Best,

Aleix


reply via email to

[Prev in Thread] Current Thread [Next in Thread]