Re: ooopppss [Re: Problem with SSI in form elements] from Chris Croome on 2000-08-25 (html-tidy@w3.org from July to September 2000)

From: Chris Croome <chris@webarchitects.co.uk>
Date: Fri, 25 Aug 2000 10:33:52 +0100
To: Sebastian Lange <lange@cyperfection.de>
Cc: html-tidy@w3.org
Message-ID: <20000825103352.B6429@webarchitects.co.uk>

Hi

Thnaks for this - I'll have a play with it :-)

Chris 

On Fri 25-Aug-2000 at 10:02:00AM +0200, Sebastian Lange wrote:
> oppsss... I just realized that I missed the exclamation marks.. sorry for 
> that... here's the corrected code:
> 
> $to_be_tidied_data = "content of file to be tidied";
> # replace all <!--#...--> blocks with a placeholder string
> my @SSIStack;
> my $SSIBlock;
> my $i = 0;
> while ($to_be_tidied_data =~ m/(<!--\#.*?-->)/gsi) {
>    $SSIStack[$i] = defined($1) ? $1 : "";
>    $to_be_tidied_data =~ s/<!--\#.*?-->/SSIStackPlaceHolder\[$i\]/si;
>    $i++;
> }
> 
> 
> $tidied_data = &tidy($to_be_tidied_data);
> 
> # replace all placeholder strings with the corresponding <!--#...-->
> for ($i=0; $i <= scalar @SSIStack; $i++) {
>    $tidied_data =~ s/SSIStackPlaceHolder\[$i\]/$SSIStack[$i]/s;
> }
> 
> 
> At 15:19 25.08.2000 +1200, Richard A. O'Keefe wrote:
> >         If you use SSI in form elements like this:
> >
> >         <input type="text" name="referer"
> >                value="<!--#echo var="HTTP_REFERER"-->" />
> >
> > >From the /> at the end, I see this is XHTML.
> >Looking in the XML 1.0 spec (actually the latest revised draft),
> >we find in section 2.3 that
> >
> >[10] AttValue ::= '"' ([^<&"] | Reference)* '"'
> >                |  "'" ([^<&'] | Reference)* "'"
> >
> >That is, within an attribute value,
> >     ampersand is reserved for introducing character/entity references,
> >     the quotation mark you started with is forbidden, and
> >     THE LESS THAN SIGN IS NOT AT ALL ALLOWED.
> >
> >I don't really see the point in this restriction.  After all, we're
> >talking about the inside of a string, and there is nothing else that
> >less than could mean there.  Perhaps it was precisely so that people
> >*could* write stuff like this.
> >
> >What's more, if we look at it, what we see is
> >
> >         [value] [=] ["<!--#echo var="] [HTTP_REFERER] ["-->"]
> >
> >which would not be syntactically legal XHTML even if XML *did*
> >allow less than signs inside attribute values, because it would
> >be two attribute bindings, one of them missing an equal sign.
> >
> >Would it be possible to change this to
> >
> >         value='<!--#echo var="#HTTP_REFERER"-->'
> >
> >where the quotation marks are different?
> 
> --
> Sebastian Lange
> http://www.sl-chat.de/
> Maybe the first chat site that validates as HTML
> 4.0 even though user input may contain HTML codes.
> 
> Courtesy to Dave Raggett's HTML Tidy:
> http://www.w3.org/People/Raggett/tidy/
> 
> Tidy your documents ONLINE:
> http://www.sl-chat.de/Tidy/

-- 
Chris Croome <chris@webarchitects.co.uk>

http://www.webarchitects.co.uk/
http://chris.croome.net/

Received on Friday, 25 August 2000 06:16:43 UTC