[plt-scheme] web-server: apostrophe in form input

From: Doug Orleans (dougo at ccs.neu.edu)
Date: Fri Feb 14 20:41:52 EST 2003

I have a servlet that generates a web page with a form; if there is an 
apostrophe in the "value" attribute of one of the form's input fields,
it gets sent out as "&apos;", which is not valid HTML, so it shows up
verbatim in the input field, instead of an actual apostrophe.  The
culprit is `xexpr->string':

  > (xexpr->string '(input ((value "x'y"))))
  "<input value=\"x&apos;y\" />"

There are a couple issues here:

1. I don't think apostrophes need to be escaped in XML attributes that 
   use double-quotes (http://www.w3.org/TR/REC-xml#NT-AttValue), so
   maybe this could just be removed from `escape-attribute-table' in
   collects/xml/private/writer.ss.

2. Sending XML as HTML seems like it's breaking an abstraction
   barrier; perhaps there should be an `xexpr->xhtml-string' (and/or
   `xml->xhtml') that cleans up any non-HTML-compliant XML stuff.  In
   this case, it could translate "&apos;" to "&#39;" as recommended by
   the XHTML specification (http://www.w3.org/TR/xhtml1/#C_16).
   (Or just use a real apostrophe.)

--dougo at ccs.neu.edu


Posted on the users mailing list.
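
Added example, not part of the original post and not PLT's code, written in Python: the escaping is chosen by the attribute delimiter, as point 1 suggests, and an apostrophe that must be escaped is written as the numeric reference "&#39;" rather than "&apos;", as point 2 suggests. The function names are hypothetical and the sample values are constructed.

```python
from html.parser import HTMLParser

# XML's AttValue production forbids raw '<' and '&' in any attribute value.
_ALWAYS = {"&": "&amp;", "<": "&lt;"}
# Only the delimiter in use needs escaping. Numeric references are read by
# both XML and HTML parsers, unlike the XML-only named entity &apos;.
_QUOTE_REF = {'"': "&#34;", "'": "&#39;"}


def escape_attr(value, quote='"'):
    """Escape value for an attribute delimited by quote (' or ")."""
    if quote not in _QUOTE_REF:
        raise ValueError("quote must be ' or \"")
    table = dict(_ALWAYS)
    table[quote] = _QUOTE_REF[quote]
    return "".join(table.get(ch, ch) for ch in value)


def render_input(value, quote='"'):
    """Serialize <input value=...> using the chosen delimiter."""
    return "<input value={q}{v}{q} />".format(q=quote, v=escape_attr(value, quote))


class _ValueGrabber(HTMLParser):
    """Collects the decoded value attribute of each input tag."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.values.append(dict(attrs).get("value"))


def round_trip(value, quote='"'):
    """Parse the rendered tag as HTML and return the decoded value(s)."""
    grabber = _ValueGrabber()
    grabber.feed(render_input(value, quote))
    grabber.close()
    return grabber.values


if __name__ == "__main__":
    for q in ('"', "'"):
        print(render_input("x'y", q), round_trip("x'y", q))
```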