On Sun, 12 Jul 2009, hha...@gmail.com wrote: > On 12.7.2009, at 7.19, Dave Rolsky wrote: >> the point is that you don't want HTML >> escaping for js. > > Except when the javascript is inside HTML. Then you need both. > > $str = "I <3 you, Meller's Mongoose"; > <p onclick=" alert( '<% $str | h, js %>' ); ">click me</p> > > <p onclick=" alert( 'I <3 you, Meller\'s Mongoose' ); ">click me</p>
Which one small reason, among many, of why you shouldn't do that. Unobtrusive JS techniques let you avoid this entirely, and make sure much cleaner HTML and JS. -dave /*============================================================ http://VegGuide.org http://blog.urth.org Your guide to all that's veg House Absolute(ly Pointless) ============================================================*/ ------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ Mason-users mailing list Mason-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mason-users
