| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by tlb 2746 days ago

It's worth getting the escaping right in a library like this. For example, at https://github.com/tinfoilboy/CTML/blob/master/include/ctml....

  for (const auto& attr : m_attributes)
    output << " " << attr.first + "=\"" << attr.second + "\"";

it'll generate incorrect HTML if an attribute value has a " character. Although early versions of HTML were kind of vague on how escaping was supposed to work, the HTML5 standard explains it in detail.

1 comments

tinfoilboy 2746 days ago

I'll add escaping attributes to the library according to the spec. Thank you for the heads up!

link

im3w1l 2746 days ago

Please look it over once, twice and thrice. Getting escaping correct is the main reason to use a library like this over manual construction with a heap of string concatenations.

link

sail0rm00n 2746 days ago

https://en.cppreference.com/w/cpp/io/manip/quoted std::quoted might be useful

link