it looks like:
<input type="text" name="ans3:string" size="35" value=""bar, spam"">
Obviously, if I then save changes, the value is gone altogether.
Is there a way of automatically converting quotes and other special characters to their escape codes (like the sqlquote method)?
Grovelling through the source I find something called html_quote in lib/python/DocumentTemplate/DT_Util.py, so I tried: <!--#var nastyvar html_quote--> Which seems to so the right thing in the generated source. I'm not sure how to get at the equivalent method call, though. Does that help? (p.s. there's url_quote, as well) -- Ross J. Reedstrom, Ph.D., <reedstrm@rice.edu> NSBRI Research Scientist/Programmer Computer and Information Technology Institute Rice University, 6100 S. Main St., Houston, TX 77005