Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Use the -command argument to regexp to provide wapp-subst and wapp-trim that are fast and that avoid doing command substitution outside of quoted regions. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
df36e56f70e45a7d6286aed5623a4d44 |
User & Date: | drh 2019-03-06 20:47:47.742 |
Context
2019-03-06
| ||
22:49 | Documentation tweaks. (check-in: ced8768917 user: drh tags: trunk) | |
20:47 | Use the -command argument to regexp to provide wapp-subst and wapp-trim that are fast and that avoid doing command substitution outside of quoted regions. (check-in: df36e56f70 user: drh tags: trunk) | |
19:43 | Update the documentation on wapp-subst to acknowledge that command substitution does occur outside of quoted regions. (check-in: 72cf27176a user: drh tags: trunk) | |
2018-02-19
| ||
12:32 | Attempt to reimplement wapp-subst and wapp-trim using the -command option to regsub. This prevents bracket-command evaluatation in unsubstituted script, but it does not handle backslash escapes quite right. (Closed-Leaf check-in: 9352328572 user: drh tags: regsub-command) | |
Changes
Changes to docs/commands.md.
︙ | ︙ | |||
34 35 36 37 38 39 40 | accidental substitutions. The "wapp-subst" command itself will do all necessary backslash substitutions. Command and variable substitutions occur within "%html(...)", "%url(...)", "%qp(...)", "%string(...)", and "%unsafe(...)". The substitutions are escaped (except in the case of "%unsafe(...)") so that the result is safe for inclusion within the body of an HTML document, a URL, a query parameter, or a javascript or | | | | > | | | 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 | accidental substitutions. The "wapp-subst" command itself will do all necessary backslash substitutions. Command and variable substitutions occur within "%html(...)", "%url(...)", "%qp(...)", "%string(...)", and "%unsafe(...)". The substitutions are escaped (except in the case of "%unsafe(...)") so that the result is safe for inclusion within the body of an HTML document, a URL, a query parameter, or a javascript or JSON string literal, respectively. <b>Bug:</b> When using Tcl 8.6 or earlier, command substitution, but not variable substitution, occurs outside of the quoted regions. This problem is fixed using the new -command option to the regsub command in Tcl 8.7. Nevertheless, it is suggested that you avoid using the "[" character outside of the %-quotes. Use "\[" instead. + **wapp-trim** _TEXT_ Just like wapp-subst, this routine appends _TEXT_ to the web page under construction, using the %html, %url, %qp, %string, and %unsafe substitutions. The difference is that this routine also removes surplus whitespace from the left margin, so that if the _TEXT_ argument is indented in the source script, it will appear at the |
︙ | ︙ |
Changes to wapp.tcl.
︙ | ︙ | |||
69 70 71 72 73 74 75 | # In other words, use "%(...)%" instead of "(...)" to include the TCL string # to substitute. # # The %unsafe substitution should be avoided whenever possible, obviously. # In addition to the substitutions above, the text also does backslash # escapes. # | > > > > > | | > > > > > > > > > > > > > > > > > | | | | < < < < | | | | | | > | 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 | # In other words, use "%(...)%" instead of "(...)" to include the TCL string # to substitute. # # The %unsafe substitution should be avoided whenever possible, obviously. # In addition to the substitutions above, the text also does backslash # escapes. # # The wapp-trim proc works the same as wapp-subst except that it also removes # whitespace from the left margin, so that the generated HTML/CSS/Javascript # does not appear to be indented when delivered to the client web browser. # if {$tcl_version>=8.7} { proc wapp-subst {txt} { global wapp regsub -all -command \ {%(html|url|qp|string|unsafe){1,1}?(|%)\((.+)\)\2} $txt wappInt-enc txt dict append wapp .reply [subst -novariables -nocommand $txt] } proc wapp-trim {txt} { global wapp regsub -all {\n\s+} [string trim $txt] \n txt regsub -all -command \ {%(html|url|qp|string|unsafe){1,1}?(|%)\((.+)\)\2} $txt wappInt-enc txt dict append wapp .reply [subst -novariables -nocommand $txt] } proc wappInt-enc {all mode nu1 txt} { return [uplevel 2 "wappInt-enc-$mode \"$txt\""] } } else { proc wapp-subst {txt} { global wapp regsub -all {%(html|url|qp|string|unsafe){1,1}?(|%)\((.+)\)\2} $txt \ {[wappInt-enc-\1 "\3"]} txt dict append wapp .reply [uplevel 1 [list subst -novariables $txt]] } proc wapp-trim {txt} { global wapp regsub -all {\n\s+} [string trim $txt] \n txt regsub -all {%(html|url|qp|string|unsafe){1,1}?(|%)\((.+)\)\2} $txt \ {[wappInt-enc-\1 "\3"]} txt dict append wapp .reply [uplevel 1 [list subst -novariables $txt]] } } # There must be a wappInt-enc-NAME routine for each possible substitution # in wapp-subst. Thus there are routines for "html", "url", "qp", and "unsafe". # # wappInt-enc-html Escape text so that it is safe to use in the # body of an HTML document. |
︙ | ︙ |