Re: HTML 3.2 PR TEXTAREA WRAP attribute

On Tue, 12 Nov 1996, James Aylett wrote:

> > Got a headache yet? The point is that it can be 
> > *VERY* important 
> > that a server know where the browser wrapped the 
> > lines. And 
> > *whether or not* it goes into the 3.2 DTD, professional
> > designers know 
> > this and will continue to use WRAP=HARD to reduce the 
> > number of 
> > unexpected surprises.
> 
> As a matter of interest, does WRAP=HARD force a particular character to be
> used as a line break? 

You always get some variant of \r, \n or \r\n. Its dealable:

s/\r\n/\n/o;
s/\r/\n/o;

Works real well for me.

>I had someone using a browser a while ago that input
> something weird into my dump file which broke less - just terminated the
> output at the first EOL and returned control to the shell.

You've got a possible security hole sounds like. If your CGI can't deal
with *any* input character - you have a problem with your CGI.
Programmer's Maxim #1: 'Don't trust PSICorp^H^H^H^H^H^H^Husers.' 

> I'd be far more
> interested in that sort of thing being eradicated than dealing with
> wrapping that can be done in under ten lines of code.

The only eradication you are going to get on that is fixing your CGI to
handle any possible input char from \000 to \377. And '10 lines of code'
will not fix 'longline/shortline' problem in the general case. It can't be
fixed in the general case (WRAP=HARD provides a restricted case) without
completely reflowing the text (which violates "don't do things that
are unexpected to the user.")

-- 
Benjamin Franz

Received on Tuesday, 12 November 1996 09:08:34 UTC