durusmail: quixote-users: quoting
quoting
Neil Schemenauer
2002-07-01
On Thu, Jun 20, 2002 at 06:55:53PM -0700, Quinn Dunkan wrote:
> First, am I correct that value_quote(s) is redundant since
> '"' + html_quote(s) + '"' is just as good?

Yes, html_quote() replaces '"' with '&quot;' and '&' with '&amp;'.

> Secondly, is link_url = html_quote(url_quote(url)) correct usage
> (assuming 'url' doesn't include a query string)?

The html_quote is not necessary since url_quote() replaces '"', '&' and
' '.  Spaces need to be quoted because of a Netscape 4 bug.

> Currently, I have a lot of html_quote()s and url_quote()s sprinkled
> throughout my template code, which is sort of repetitive and
> error-prone (too much quoting, not enough quoting, quoting the wrong
> part (e.g. http%3A//... syndrome)).

Yup, it's nasty.  Unfortunately, AFAICT, there really is no good
solution.

> '''
>          %(
> ''' % ht(locals())

Hmm, how about:

    def ht(**kwargs):
        result = {}
        for k, v in kwargs.items():
            result[k] = html_quote(v)
        return result


You could then do:

    '...' % ht(foo=10, bar='blah')

or

    '...' % ht(**locals())

Another idea:

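    import sys

    class quoted_vars:
        def __init__(self):
            # Frame 1 is the caller; frame 0 would be __init__ itself.
            caller = sys._getframe(1)
            self.locals = caller.f_locals
            self.globals = caller.f_globals
        def __getitem__(self, name):
            # Look the name up as the caller would: locals, then globals.
            try:
                val = self.locals[name]
            except KeyError:
                val = self.globals[name]
            return html_quote(val)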


    foo = 10
    bar = 'green eggs & ham'
    '...' % quoted_vars()


One more (props to Ka-Ping and effbot):

    import sys
    import re
    _ht_pat = re.compile(r'\${([A-Za-z0-9_]+)}|\$([A-Za-z0-9_]+)\b')
    def ht(s):
        """Do string interpolation for HTML text.

        The interpolation character is $.  Double it to get a single $
        in the output string.  A variable reference is $ followed by a
        variable name or by a variable name surrounded by braces.
        Variable references are replaced by the variable values quoted
        by html_quote.

        Note that the format string should be a literal string.  If it
        is not, extreme care must be taken to ensure that it does not
        contain extra dollar characters.

        Example:

            >>> item = 'green eggs & ham'
            >>> orders = 1
            >>> ht('')
            ''

        """
        # Frame 1 is the caller of ht(); frame 0 would be ht() itself.
        frame = sys._getframe(1)
        locs = frame.f_locals
        globs = frame.f_globals
        def varsub(m):
            name = m.group(1) or m.group(2)
            try:
                val = locs[name]
            except KeyError:
                val = globs[name]
            return html_quote(val)
        s = _ht_pat.sub(varsub, s)
        # Release the frame references before returning.
        frame = locs = globs = None
        return s.replace('$$', '$')

I like the last one the best.  Note that all of these examples are not
well tested.  You get what you pay for. :-)

  Neil
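
Added example, not part of the message above and not Quixote code: it shows the two quoting contexts from this thread applied one piece at a time, including the query-string case the question set aside and the "http%3A//" symptom. The standard-library html.escape and urllib.parse.quote stand in for html_quote() and url_quote() (an assumption); build_url, link and html_quote_changes are hypothetical names and the sample values are constructed.

```python
from html import escape
from urllib.parse import quote, urlencode


def html_quote(value):
    """Stand-in for html_quote(): escape &, <, > and quotes for HTML output."""
    return escape(str(value), quote=True)


def url_quote(value, safe="/"):
    """Stand-in for url_quote(): percent-encode everything outside `safe`."""
    return quote(str(value), safe=safe)


def build_url(base, segments, query=None):
    """Quote each path segment on its own; the scheme and host are left alone."""
    url = base.rstrip("/") + "/" + "/".join(url_quote(s, safe="") for s in segments)
    if query:
        url += "?" + urlencode(query)  # encodes each key/value, joins with a raw '&'
    return url


def link(base, segments, text, query=None):
    """Build an anchor tag, applying html_quote once, at the HTML boundary."""
    url = build_url(base, segments, query)
    return '<a href="%s">%s</a>' % (html_quote(url), html_quote(text))


def html_quote_changes(url):
    """True when html_quote() would alter `url`, i.e. it is not redundant."""
    return html_quote(url) != url


# Constructed sample values.
BASE = "http://example.org/docs"
SEGMENTS = ["green eggs & ham", 'a"b/c']
PATH_ONLY = build_url(BASE, SEGMENTS)
WITH_QUERY = build_url(BASE, SEGMENTS, {"q": "x&y", "page": 2})
WRONG_PART = url_quote(BASE + "/green eggs")  # whole URL quoted: scheme is mangled
TAG = link(BASE, SEGMENTS, "<b>menu</b>", {"q": "x&y", "page": 2})

if __name__ == "__main__":
    for name in ("PATH_ONLY", "WITH_QUERY", "WRONG_PART", "TAG"):
        print(name, "=", globals()[name])
    print("html_quote needed, path only: ", html_quote_changes(PATH_ONLY))
    print("html_quote needed, with query:", html_quote_changes(WITH_QUERY))
```

For a path-only URL the HTML quoting changes nothing, so applying it is harmless; once a query string is joined with '&', it is the step that turns the separator into '&amp;' inside the attribute.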


