
Escape Single Quotes in Template Toolkit

Do you ever escape single quotes in template toolkit for necessary javascript handlers? If so, how do you do it?

[% SET s = "A'B'C" %]

<a href="/abc.html" onclick="popup('[% s | html_entity %]')">ABC</a>

html_entity obviously doesn't work because it only handles the double quote. So how do you do it?


I don't use the inlined event handlers -- for the same reason I refuse to use the style attribute for css. jQuery just makes it too easy to do class="foo" on the html and $('.foo').click( function () {} ), in an external .js file.

But, for the purpose of doing my best to answer this question, check out these docs on Template::Filter for the ones in core.

It seems as if you could do [% s | replace( "'", "\\'" ) %], to escape single quotes. Or you could probably write a more complex sanitizing javascript parser that permits only function calls, and make your own Template::Filter


2018 update for reference:

TT has a method for this called squote for escaping single quotes and dquote for double quotes.

[% tim = "Tim O'Reilly" %]
[% tim.squote %]          # Tim O\'Reilly

Questioned link would be something like:

<a href="/abc.html" onclick="popup('[% s.squote %]')">ABC</a>

http://www.template-toolkit.org/docs/manual/VMethods.html#section_squote


You can try: popup('[% s | html %]').


Perl isn't my strongest language... But!

Easiest way I've found is to use the JSON module. In a module called JS.pm or something:

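use JSON;

# Called as a method, so no prototype on the sub
sub encode {
   my $self = shift;
   my $string = shift;

   # allow_nonref lets a bare string (not only a hash/array ref) be encoded
   my $json = JSON->new->allow_nonref;

   return $json->encode( $string );
}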

More here: http://search.cpan.org/~makamaka/JSON-2.90/lib/JSON.pm

Then in your template:

[% USE JS; %]

<script>
  var escaped_string = [% JS.encode( some_template_variable ) %];
</script>


Remember to double-escape the slash in the replacement, otherwise it will be interpreted as escaping the apostrophe.

[% string.replace( "'", "\\'" ) %]
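An added example, not part of the original thread or of Template Toolkit: a value placed in an inline handler passes through two parsers, HTML attribute decoding and then JavaScript, so it is encoded for both here. The helper names `js_attr` and `js_script` and the sample strings are assumptions made for illustration; JSON::PP is the JSON module shipped with core Perl.

```perl
# Added example: encode a value for a JavaScript string literal that sits
# inside a double-quoted HTML event-handler attribute, or inside <script>.
use strict;
use warnings;
use JSON::PP ();   # core module since Perl 5.14

my $json = JSON::PP->new->allow_nonref->ascii;

# Layer 1, JavaScript: JSON yields a double-quoted literal with ", \ and
# control characters escaped; ->ascii turns non-ASCII into \uXXXX.
# Layer 2, HTML: the browser decodes entities in the attribute value before
# the script runs, so the literal's own & < > " ' are entity-encoded.
sub js_attr {    # hypothetical helper name
    my ($value) = @_;
    my $literal = $json->encode($value);
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $literal =~ s/([&<>"'])/$entity{$1}/g;
    return $literal;
}

# Inside a <script> block only the JavaScript layer applies, but "</script>"
# in the literal would close the element, so < > & become \uXXXX escapes.
sub js_script {  # hypothetical helper name
    my ($value) = @_;
    my $literal = $json->encode($value);
    $literal =~ s/([<>&])/sprintf('\\u%04x', ord $1)/ge;
    return $literal;
}

# Constructed sample values: the question's string, a backslash, a double
# quote, and a closing script tag.
for my $s ("A'B'C", 'C:\\temp', 'say "hi"', '</script>') {
    printf "%-10s attr:   onclick=\"popup(%s)\"\n", $s, js_attr($s);
    printf "%-10s script: var v = %s;\n", '', js_script($s);
}
```

Assuming `js_attr` is registered through Template's `FILTERS` option, the link becomes onclick="popup([% s | js_attr %])" with no quotes around the directive, since the encoded literal carries its own.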