W3C home > Mailing lists > Public > html-tidy@w3.org > July to September 2000

Re: Problem with SSI in form elements

From: Richard A. O'Keefe <ok@atlas.otago.ac.nz>
Date: Fri, 25 Aug 2000 15:19:57 +1200 (NZST)
Message-Id: <200008250319.PAA21543@atlas.otago.ac.nz>
To: chris@webarchitects.co.uk, html-tidy@w3.org
	If you use SSI in form elements like this:
	
	<input type="text" name="referer"
	       value="<!--#echo var="HTTP_REFERER"-->" />
	
From the /> at the end, I see this is XHTML.
Looking in the XML 1.0 spec (actually the latest revised draft),
we find in section 2.3 that
 
[10] AttValue ::= '"' ([^<&"] | Reference)* '"' 
               |  "'" ([^<&'] | Reference)* "'"

That is, within an attribute value,
    ampersand is reserved for introducing character/entity references,
    the quotation mark you started with is forbidden, and
    THE LESS THAN SIGN IS NOT AT ALL ALLOWED.

I don't really see the point in this restriction.  After all, we're
talking about the inside of a string, and there is nothing else that
less than could mean there.  Perhaps it was precisely so that people
*could* write stuff like this.

What's more, if we look at it, what we see is

	[value] [=] ["<!--#echo var="] [HTTP_REFERER] ["-->"]

which would not be syntactically legal XHTML even if XML *did*
allow less than signs inside attribute values, because it would
be two attribute bindings, one of them missing an equal sign.

Would it be possible to change this to

	value='<!--#echo var="#HTTP_REFERER"-->'

where the quotation marks are different?
Received on Thursday, 24 August 2000 23:20:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 April 2012 06:13:44 GMT