The only template language I've come across that really does the right thing is RXML, the Roxen Macro Language (http://docs.roxen.com/roxen/4.5/web_developer_manual/entity/encoding.xml) (since version 2).
By default, it quotes all output to the quoting rules of the content-type the document is served in, or the attribute of some macro tag. Thus it properly handles the different attribute syntaxes understood in XML and HTML, it knows what to quote how for text/javascript, SQL queries used in data fetching for this and that database, and so on, and is generally really pleasant to work with.
The format to include an appropriately (content-type / context sensitively) quoted variable is &form.q; (equivalent of the example given above), or &roxen.version;, and you can override with your own pick of quoting using &form.q:js; for javascript quoting, or even a series of quotings applied after one another; &form.q:mysql:html;. Opting out of quoting is available with the quoting scheme "none", so where needed, &form.q:none; does the trick.
RXML
Date: 2007-04-16 04:35 am (UTC)
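A simplified Python model of the entity syntax described in the comment above (default quoting chosen by content type, explicit overrides, chained schemes, and the "none" opt-out). This is an added example, not Roxen's code: the encoder functions, the content-type table and the `render` helper are assumptions made for illustration, and the sample value is constructed.

```python
import html
import json
import re

def quote_mysql(s):
    # Assumed stand-in for a "mysql" scheme; real database escaping differs,
    # and parameterized queries are the safer choice in application code.
    return s.replace("\\", "\\\\").replace("'", "\\'")

def quote_js(s):
    # Escape for the body of a JavaScript string literal; "<" is also
    # escaped so the value cannot close an enclosing <script> element.
    return json.dumps(s)[1:-1].replace("<", "\\u003c").replace("'", "\\'")

ENCODERS = {
    "html": html.escape,      # escapes & < > " '
    "js": quote_js,
    "mysql": quote_mysql,
    "none": lambda s: s,      # explicit opt-out, visible in the template
}

# Assumed mapping from the served content type to the default scheme.
DEFAULT_BY_TYPE = {"text/html": "html", "text/javascript": "js"}

# Matches &scope.name; and &scope.name:scheme1:scheme2;
ENTITY = re.compile(r"&(\w+)\.(\w+)((?::\w+)*);")

def render(template, scopes, content_type):
    """Expand entities, quoting each value for its output context."""
    def expand(m):
        scope, name, chain = m.group(1), m.group(2), m.group(3)
        if name not in scopes.get(scope, {}):
            return m.group(0)             # unknown entity: leave untouched
        value = str(scopes[scope][name])
        # No explicit scheme: fall back to the content type's default.
        # An unknown scheme or content type raises KeyError, so output
        # is never emitted unquoted by accident.
        schemes = chain.split(":")[1:] or [DEFAULT_BY_TYPE[content_type]]
        for scheme in schemes:            # applied left to right
            value = ENCODERS[scheme](value)
        return value
    return ENTITY.sub(expand, template)

if __name__ == "__main__":
    scopes = {"form": {"q": "O'Reilly <b>"}}   # constructed sample input
    print(render("<p>&form.q;</p>", scopes, "text/html"))
    print(render("var s = '&form.q:js;';", scopes, "text/html"))
    print(render("&form.q:mysql:html;", scopes, "text/html"))
```

The point of the design is that the safe encoding is what the short form `&form.q;` produces, while unquoted output requires the author to write `:none` explicitly.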