Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Use the -command argument to regexp to provide wapp-subst and wapp-trim that are fast and that avoid doing command substitution outside of quoted regions. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
df36e56f70e45a7d6286aed5623a4d44 |
| User & Date: | drh 2019-03-06 20:47:47.742 |
Context
|
2019-03-06
| ||
| 22:49 | Documentation tweaks. (check-in: ced8768917 user: drh tags: trunk) | |
| 20:47 | Use the -command argument to regexp to provide wapp-subst and wapp-trim that are fast and that avoid doing command substitution outside of quoted regions. (check-in: df36e56f70 user: drh tags: trunk) | |
| 19:43 | Update the documentation on wapp-subst to acknowledge that command substitution does occur outside of quoted regions. (check-in: 72cf27176a user: drh tags: trunk) | |
|
2018-02-19
| ||
| 12:32 | Attempt to reimplement wapp-subst and wapp-trim using the -command option to regsub. This prevents bracket-command evaluatation in unsubstituted script, but it does not handle backslash escapes quite right. (Closed-Leaf check-in: 9352328572 user: drh tags: regsub-command) | |
Changes
Changes to docs/commands.md.
| ︙ | ︙ | |||
34 35 36 37 38 39 40 |
accidental substitutions.
The "wapp-subst" command itself will do all necessary backslash
substitutions. Command and variable substitutions occur within
"%html(...)", "%url(...)", "%qp(...)", "%string(...)", and
"%unsafe(...)". The substitutions are escaped (except in the case of
"%unsafe(...)") so that the result is safe for inclusion within the
body of an HTML document, a URL, a query parameter, or a javascript or
| | | | > | | | 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
accidental substitutions.
The "wapp-subst" command itself will do all necessary backslash
substitutions. Command and variable substitutions occur within
"%html(...)", "%url(...)", "%qp(...)", "%string(...)", and
"%unsafe(...)". The substitutions are escaped (except in the case of
"%unsafe(...)") so that the result is safe for inclusion within the
body of an HTML document, a URL, a query parameter, or a javascript or
JSON string literal, respectively. <b>Bug:</b> When using Tcl 8.6 or
earlier, command substitution, but not variable substitution, occurs
outside of the quoted regions. This problem is fixed using the new
-command option to the regsub command in Tcl 8.7. Nevertheless,
it is suggested that you avoid using the "[" character outside of
the %-quotes. Use "\[" instead.
+ **wapp-trim** _TEXT_
Just like wapp-subst, this routine appends _TEXT_ to the web page
under construction, using the %html, %url, %qp, %string, and %unsafe
substitutions. The difference is that this routine also removes
surplus whitespace from the left margin, so that if the _TEXT_
argument is indented in the source script, it will appear at the
|
| ︙ | ︙ |
Changes to wapp.tcl.
| ︙ | ︙ | |||
69 70 71 72 73 74 75 | # In other words, use "%(...)%" instead of "(...)" to include the TCL string # to substitute. # # The %unsafe substitution should be avoided whenever possible, obviously. # In addition to the substitutions above, the text also does backslash # escapes. # | > > > > > | | > > > > > > > > > > > > > > > > > | | | | < < < < | | | | | | > | 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 |
# In other words, use "%(...)%" instead of "(...)" to include the TCL string
# to substitute.
#
# The %unsafe substitution should be avoided whenever possible, obviously.
# In addition to the substitutions above, the text also does backslash
# escapes.
#
# The wapp-trim proc works the same as wapp-subst except that it also removes
# whitespace from the left margin, so that the generated HTML/CSS/Javascript
# does not appear to be indented when delivered to the client web browser.
#
if {$tcl_version>=8.7} {
proc wapp-subst {txt} {
global wapp
regsub -all -command \
{%(html|url|qp|string|unsafe){1,1}?(|%)\((.+)\)\2} $txt wappInt-enc txt
dict append wapp .reply [subst -novariables -nocommand $txt]
}
proc wapp-trim {txt} {
global wapp
regsub -all {\n\s+} [string trim $txt] \n txt
regsub -all -command \
{%(html|url|qp|string|unsafe){1,1}?(|%)\((.+)\)\2} $txt wappInt-enc txt
dict append wapp .reply [subst -novariables -nocommand $txt]
}
proc wappInt-enc {all mode nu1 txt} {
return [uplevel 2 "wappInt-enc-$mode \"$txt\""]
}
} else {
proc wapp-subst {txt} {
global wapp
regsub -all {%(html|url|qp|string|unsafe){1,1}?(|%)\((.+)\)\2} $txt \
{[wappInt-enc-\1 "\3"]} txt
dict append wapp .reply [uplevel 1 [list subst -novariables $txt]]
}
proc wapp-trim {txt} {
global wapp
regsub -all {\n\s+} [string trim $txt] \n txt
regsub -all {%(html|url|qp|string|unsafe){1,1}?(|%)\((.+)\)\2} $txt \
{[wappInt-enc-\1 "\3"]} txt
dict append wapp .reply [uplevel 1 [list subst -novariables $txt]]
}
}
# There must be a wappInt-enc-NAME routine for each possible substitution
# in wapp-subst. Thus there are routines for "html", "url", "qp", and "unsafe".
#
# wappInt-enc-html Escape text so that it is safe to use in the
# body of an HTML document.
|
| ︙ | ︙ |