[Zope-dev] Additional Quoting; Exposing Auxiliary Tag Functions via "_" (was: [Zope-dev] dtml-var tag suggestion) (was: [Zope-dev] dtml-var tag suggestion)

[Dieter Maurer]

Casey Duncan writes:
 > I have been using dtml to create dynamic JavaScripts for some forms I am
 > creating. In doing this I came upon the standard problem of inserting
 > strings containing double quotes into a JavaScript such as where title =
 > '"Quoted String"':
 > 
 > form.select.options[0].text = "<dtml-var title>";
 > 
 > And you wind up with this rendered:
 > 
 > form.select.options[0].text = ""Quoted String"";
 > 
 > I know there is the html_quote and sql_quote options to alleviate this
 > problem elsewhere. From what I can figure there is no other quote fixing
 > magic option for the above in the current dtml-var implementation.
 > 
 > Perhaps an options could be added to dtml-var in the future to handle this;
 > maybe something like "slash_quote". So that you get this rendered:

The existing "quote features" name the context for which quoting
is needed. The context determines what needs to be quoted and
how quoting has to be done.
Your proposal does not state the context but only the how.
Otherwise, I would think such an extension would be good.

Thus, I propose:

 1. new quoting directive "string_quote" quoting Python strings
    i.e. ", ' and \ are quoted.
    This would work for Javascript (and other languages with
    C-like quotation and string literals), too.

 2. all auxiliary functions for DTML tags, especially quoting,
    should be available via the namespace.

    To avaid namespace pollution, they may go into a separate
    module, say 'aux'.
    E.g. I would like to use quoting, formatting etc.
    inside DTML embedded Python expressions in a form like that:

    <dtml-var "... _.aux.fmt(x,'%m/%d/%Y')...">
    and
    <dtml-var ".... _.aux.sql_quote(x)...">


Dieter