Discussion:
[FE-discuss] formencode.htmlfill.FillingParser chokes on javascript HTML
Roy Hyunjin Han
2009-11-18 20:40:31 UTC
Permalink
|Hi,

I am using formencode.htmlfill() to render a form, but the function is
inadvertently parsing my javascript code. Specifically,
formencode.htmlfill.FillingParser raises the following exception

|| HTMLParseError: malformed start tag

when it encounters the following jQuery code

function hover(obj, text) {$(obj).append("<span class=flag> (" +
text + ")</span>");}

and does not raise the exception after I remove the offending code.
Perhaps we should strip javascript before htmlfill?

Thanks,
RHH
|
Ian Bicking
2009-11-18 20:49:44 UTC
Permalink
On Wed, Nov 18, 2009 at 2:40 PM, Roy Hyunjin Han
Hi,
I am using formencode.htmlfill() to render a form, but the function is inadvertently parsing my javascript code.  Specifically, formencode.htmlfill.FillingParser raises the following exception
    HTMLParseError: malformed start tag
when it encounters the following jQuery code
    function hover(obj, text) {$(obj).append("<span class=flag> (" + text + ")</span>");}
and does not raise the exception after I remove the offending code.  Perhaps we should strip javascript before htmlfill?
Well... what needs to happen is everything between <script> and
</script> should be treated as text, but HTMLParser doesn't understand
that.

I *think* it would work fine to do:

function hover(obj, text) {$(obj).append("&lt;span class=flag&gt; ("
+ text + ")&lt;/span&gt;");}

Which is actually something we could do automatically with a regex.
Unfortunately right now I can't reproduce, I put a test at the bottom
here: http://bitbucket.org/ianb/formencode/src/tip/tests/test_htmlfill.py
-- but it passes.

--
Ian Bicking  |  http://blog.ianbicking.org  |  http://topplabs.org/civichacker
Roy Hyunjin Han
2009-11-18 21:23:59 UTC
Permalink
Post by Ian Bicking
On Wed, Nov 18, 2009 at 2:40 PM, Roy Hyunjin Han
Hi,
I am using formencode.htmlfill() to render a form, but the function is inadvertently parsing my javascript code. Specifically, formencode.htmlfill.FillingParser raises the following exception
HTMLParseError: malformed start tag
when it encounters the following jQuery code
function hover(obj, text) {$(obj).append("<span class=flag> (" + text + ")</span>");}
and does not raise the exception after I remove the offending code. Perhaps we should strip javascript before htmlfill?
Well... what needs to happen is everything between<script> and
</script> should be treated as text, but HTMLParser doesn't understand
that.
Which is actually something we could do automatically with a regex.
Unfortunately right now I can't reproduce, I put a test at the bottom
here: http://bitbucket.org/ianb/formencode/src/tip/tests/test_htmlfill.py
-- but it passes.Thanks for your suggestion!
Thanks for your suggestion!

Escaping the brackets does fix the problem with htmlfill(), but it is
also causing the browser to interpret the brackets literally, so the
text prints but is not rendered as a span element.

I think for the meantime I will have to do without that bit of
javascript on the page, because I need to use htmlfill().

RHH
Aston Motes
2009-11-18 21:43:22 UTC
Permalink
- Aston

On Wed, Nov 18, 2009 at 1:23 PM, Roy Hyunjin Han
Post by Roy Hyunjin Han
Post by Ian Bicking
On Wed, Nov 18, 2009 at 2:40 PM, Roy Hyunjin Han
Post by Roy Hyunjin Han
Hi,
I am using formencode.htmlfill() to render a form, but the function is
inadvertently parsing my javascript code. Specifically,
formencode.htmlfill.FillingParser raises the following exception
Post by Ian Bicking
Post by Roy Hyunjin Han
HTMLParseError: malformed start tag
when it encounters the following jQuery code
function hover(obj, text) {$(obj).append("<span class=flag> (" +
text + ")</span>");}
Post by Ian Bicking
Post by Roy Hyunjin Han
and does not raise the exception after I remove the offending code.
Perhaps we should strip javascript before htmlfill?
Post by Ian Bicking
Well... what needs to happen is everything between<script> and
</script> should be treated as text, but HTMLParser doesn't understand
that.
Which is actually something we could do automatically with a regex.
Unfortunately right now I can't reproduce, I put a test at the bottom
http://bitbucket.org/ianb/formencode/src/tip/tests/test_htmlfill.py
Post by Ian Bicking
-- but it passes.Thanks for your suggestion!
Thanks for your suggestion!
Escaping the brackets does fix the problem with htmlfill(), but it is
also causing the browser to interpret the brackets literally, so the
text prints but is not rendered as a span element.
I think for the meantime I will have to do without that bit of
javascript on the page, because I need to use htmlfill().
RHH
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus
on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
FormEncode-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/formencode-discuss
Aston Motes
2009-11-18 21:45:33 UTC
Permalink
Another trick might be to split your tag with concatenated strings so
that it doesn't look like HTML. I couldn't (quickly) make htmlfill
break on a simple example, but maybe you could try something like
this:

    function hover(obj, text) {$(obj).append("<" + "span class=flag>
(" + text + ")<" + "/span>");}

   - Aston

On Wed, Nov 18, 2009 at 1:23 PM, Roy Hyunjin Han
Post by Ian Bicking
Post by Ian Bicking
On Wed, Nov 18, 2009 at 2:40 PM, Roy Hyunjin Han
Hi,
I am using formencode.htmlfill() to render a form, but the function is inadvertently parsing my javascript code.  Specifically, formencode.htmlfill.FillingParser raises the following exception
     HTMLParseError: malformed start tag
when it encounters the following jQuery code
     function hover(obj, text) {$(obj).append("<span class=flag>  (" + text + ")</span>");}
and does not raise the exception after I remove the offending code.  Perhaps we should strip javascript before htmlfill?
Well... what needs to happen is everything between<script>  and
</script>  should be treated as text, but HTMLParser doesn't understand
that.
Which is actually something we could do automatically with a regex.
Unfortunately right now I can't reproduce, I put a test at the bottom
here: http://bitbucket.org/ianb/formencode/src/tip/tests/test_htmlfill.py
-- but it passes.Thanks for your suggestion!
Thanks for your suggestion!
Escaping the brackets does fix the problem with htmlfill(), but it is
also causing the browser to interpret the brackets literally, so the
text prints but is not rendered as a span element.
I think for the meantime I will have to do without that bit of
javascript on the page, because I need to use htmlfill().
RHH
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
FormEncode-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/formencode-discuss
Ian Bicking
2009-11-18 21:47:59 UTC
Permalink
\074 could also be substituted for <
Post by Aston Motes
Another trick might be to split your tag with concatenated strings so
that it doesn't look like HTML. I couldn't (quickly) make htmlfill
break on a simple example, but maybe you could try something like
    function hover(obj, text) {$(obj).append("<" + "span class=flag>
(" + text + ")<" + "/span>");}
   - Aston
On Wed, Nov 18, 2009 at 1:23 PM, Roy Hyunjin Han
Post by Ian Bicking
Post by Ian Bicking
On Wed, Nov 18, 2009 at 2:40 PM, Roy Hyunjin Han
Hi,
I am using formencode.htmlfill() to render a form, but the function is inadvertently parsing my javascript code.  Specifically, formencode.htmlfill.FillingParser raises the following exception
     HTMLParseError: malformed start tag
when it encounters the following jQuery code
     function hover(obj, text) {$(obj).append("<span class=flag>  (" + text + ")</span>");}
and does not raise the exception after I remove the offending code.  Perhaps we should strip javascript before htmlfill?
Well... what needs to happen is everything between<script>  and
</script>  should be treated as text, but HTMLParser doesn't understand
that.
Which is actually something we could do automatically with a regex.
Unfortunately right now I can't reproduce, I put a test at the bottom
here: http://bitbucket.org/ianb/formencode/src/tip/tests/test_htmlfill.py
-- but it passes.Thanks for your suggestion!
Thanks for your suggestion!
Escaping the brackets does fix the problem with htmlfill(), but it is
also causing the browser to interpret the brackets literally, so the
text prints but is not rendered as a span element.
I think for the meantime I will have to do without that bit of
javascript on the page, because I need to use htmlfill().
RHH
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
FormEncode-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/formencode-discuss
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
FormEncode-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/formencode-discuss
--
Ian Bicking | http://blog.ianbicking.org | http://topplabs.org/civichacker
Brennan Todd
2009-11-18 22:50:46 UTC
Permalink
On Wed, Nov 18, 2009 at 2:40 PM, Roy Hyunjin Han
Post by Roy Hyunjin Han
Hi,
I am using formencode.htmlfill() to render a form, but the function is
inadvertently parsing my javascript code. Specifically,
formencode.htmlfill.FillingParser raises the following exception
HTMLParseError: malformed start tag
when it encounters the following jQuery code
function hover(obj, text) {$(obj).append("<span class=flag> (" + text +
")</span>");}
and does not raise the exception after I remove the offending code.
Perhaps we should strip javascript before htmlfill?
Thanks,
RHH
I find that putting your javascript in HTML comments helps when I run into
the same problem with genshi templates:

<script>
<!--
// your javascript here
-->
</script>

Loading...