51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
# substitutions are made:
#
# %html(...) Escape text for inclusion in HTML
# %url(...) Escape text for use as a URL
# %qp(...) Escape text for use as a URI query parameter
# %string(...) Escape text for use within a JSON string
# %unsafe(...) No transformations of the text
#
# The %unsafe substitution should be avoided whenever possible, obviously.
# In addition to the substitutions above, the text also does backslash
# escapes.
#
proc wapp-subst {txt} {
global wapp
regsub -all {%(html|url|qp|string|unsafe)\(([^)]+)\)} $txt \
{[wappInt-enc-\1 "\2"]} txt
dict append wapp .reply [uplevel 1 [list subst -novariables $txt]]
}
# There must be a wappInt-enc-NAME routine for each possible substitution
# in wapp-subst. Thus there are routines for "html", "url", "qp", and "unsafe".
#
# wappInt-enc-html Escape text so that it is safe to use in the
|
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
>
>
>
|
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
# substitutions are made:
#
# %html(...) Escape text for inclusion in HTML
# %url(...) Escape text for use as a URL
# %qp(...) Escape text for use as a URI query parameter
# %string(...) Escape text for use within a JSON string
# %unsafe(...) No transformations of the text
#
# The substitutions above terminate at the first ")" character. If the
# text of the TCL string in ... contains ")" characters itself, use instead:
#
# %html%(...)%
# %url%(...)%
# %qp%(...)%
# %string%(...)%
# %unsafe%(...)%
#
# In other words, use "%(...)%" instead of "(...)" to include the TCL string
# to substitute.
#
# The %unsafe substitution should be avoided whenever possible, obviously.
# In addition to the substitutions above, the text also does backslash
# escapes.
#
proc wapp-subst {txt} {
global wapp
regsub -all {%(html|url|qp|string|unsafe){1,1}?(|%)\((.+)\)\2} $txt \
{[wappInt-enc-\1 "\3"]} txt
dict append wapp .reply [uplevel 1 [list subst -novariables $txt]]
}
# Works like wapp-subst, but also removes whitespace from the beginning
# of lines.
#
proc wapp-trim {txt} {
global wapp
regsub -all {\n\s+} [string trim $txt] \n txt
regsub -all {%(html|url|qp|string|unsafe){1,1}?(|%)\((.+)\)\2} $txt \
{[wappInt-enc-\1 "\3"]} txt
dict append wapp .reply [uplevel 1 [list subst -novariables $txt]]
}
# There must be a wappInt-enc-NAME routine for each possible substitution
# in wapp-subst. Thus there are routines for "html", "url", "qp", and "unsafe".
#
# wappInt-enc-html Escape text so that it is safe to use in the
|
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
}
return $s
}
proc wappInt-enc-string {s} {
return [string map {\\ \\\\ \" \\\" ' \\'} $s]
}
# Works like wapp-subst, but also removes whitespace from the beginning
# of lines.
#
proc wapp-trim {txt} {
global wapp
regsub -all {\n\s+} [string trim $txt] \n txt
regsub -all {%(html|url|qp|string|unsafe)\(([^)]+)\)} $txt \
{[wappInt-enc-\1 "\2"]} txt
dict append wapp .reply [uplevel 1 [list subst -novariables $txt]]
}
|
<
<
<
<
<
<
<
<
<
<
<
|
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
}
return $s
}
proc wappInt-enc-string {s} {
return [string map {\\ \\\\ \" \\\" ' \\'} $s]
}
# This is a helper routine for wappInt-enc-url and wappInt-enc-qp. It returns
# an appropriate %HH encoding for the single character c. If c is a unicode
# character, then this routine might return multiple bytes: %HH%HH%HH
#
proc wappInt-%HHchar {c} {
if {$c==" "} {return +}
return [regsub -all .. [binary encode hex [encoding convertto utf-8 $c]] {%&}]
|