A few minutes ago, Michael W wrote:
>
> I guess you're making the point that quasiquotes in a
> web-server/templates template doesn't protect against injection.
Yes, exactly. And going back to Harry's question, it was about the
"@syntax", and to be precise, that syntax is independent of anything
5 hours ago, Eli Barzilay wrote:
> That is completely incorrect. There is nothing special about
> quasiquotes that makes them more resistant to injection over any kind
> of other templates.
Pardon?
Now I'm curious. Xexprs *know* they're XML, so they escape normal
strings like you'd expect -- I
About three weeks ago, Danny Yoo wrote:
> > Can someone tell me, is there some advantage or added functionality
> > in using the @syntax in a template over the first example using
> > quasiquotes?
>
> Section 7.4 of the Web Server docs shows a difference:
>
> http://docs.racket-lang.org/web-se
If you want something a third option:
http://www.neilvandyke.org/racket-html-template/
The documentation will come eventually, but the most basic usage is
self-explanatory.
--
http://www.neilvandyke.org/
Racket Users list:
http://lists.racket-lang.org/users
> Can someone tell me, is there some advantage or added functionality in using
> the @syntax in a template over the first example using quasiquotes?
Section 7.4 of the Web Server docs shows a difference:
http://docs.racket-lang.org/web-server/templates.html#(part._.Escaping)
A version with qu
Dear list members,
In "Continue Web applications in Racket" it gives this example of creating
dynamic webpages using quasiquotes:
; render-greeting: string -> response
; Consumes a name, and produces a dynamic response.
(define (render-greeting a-name)
(response/xexpr
`(html (head (title "Welcome"