Michel Vayssade wrote:
Hi,
Inside a dtml I write back to the browser the previous content of a form with : <input type="text" size="20" name="<dtml-var "lesattr[index]">" class="form-element" value="<dtml-var "lesvals[index]">" >
<input type="text" size="50" name=txt<dtml-var sequence-index> class="form-element" value="<dtml-var "lisvals[_['sequence-index']][0]">" >
all is good ... until somebody enter a text including double-quotes then dtml take the " in the text as the terminating quote
how can I deal with these embeded quotes ?
Hi, Michel I tend to use html_quote, e.g., <input type="text" size="20" name="<dtml-var "lesattr[index]">" class="form-element" value="<dtml-var "lesvals[index]" html_quote>" > <input type="text" size="50" name=txt<dtml-var sequence-index> class="form-element" value="<dtml-var "lisvals[_['sequence-index']][0]" html_quote>" > This escapes (entityizes) ordinary undesirable markup. It is particularly good if you have users who like to write cool stuff like '<table>'! -- Jim Washington