21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
+
+
+
+
|
# same. The only difference is in how wapp-safety-check deals with these
# procs during analysis.
#
proc wapp {txt} {
global wapp
dict append wapp .reply $txt
}
############################ Begin Deprecated Interfaces ######################
# Add text to the page under construction. Do no escaping on the text.
#
proc wapp-unsafe {txt} {
global wapp
dict append wapp .reply $txt
}
# Append text after escaping it for HTML.
#
|
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
+
|
# wapp-escape-url TEXT
# wapp-subst %url(TEXT)
#
proc wapp-escape-url {txt} {
global wapp
dict append wapp .reply [wappInt-enc-url $txt]
}
########################### End Deprecated Interfaces #########################
# The argument should be in {...}. Substitions of %html(...) encode ...
# escaped for safe insertion into HTML. %url(...) substitions encode the
# argument for safe insertion into query parameters of URLs. Backslash
# substitutions are also performed, but variable substitutions are not,
# except within %html() and %url().
#
|