Re: Problem with SSI in form elements

	If you use SSI in form elements like this:
	
	<input type="text" name="referer"
	       value="<!--#echo var="HTTP_REFERER"-->" />
	
From the /> at the end, I see this is XHTML.
Looking in the XML 1.0 spec (actually the latest revised draft),
we find in section 2.3 that
 
[10] AttValue ::= '"' ([^<&"] | Reference)* '"' 
               |  "'" ([^<&'] | Reference)* "'"

That is, within an attribute value,
    ampersand is reserved for introducing character/entity references,
    the quotation mark you started with is forbidden, and
    THE LESS THAN SIGN IS NOT AT ALL ALLOWED.

I don't really see the point in this restriction.  After all, we're
talking about the inside of a string, and there is nothing else that
less than could mean there.  Perhaps it was precisely so that people
*could* write stuff like this.

What's more, if we look at it, what we see is

	[value] [=] ["<!--#echo var="] [HTTP_REFERER] ["-->"]

which would not be syntactically legal XHTML even if XML *did*
allow less than signs inside attribute values, because it would
be two attribute bindings, one of them missing an equal sign.

Would it be possible to change this to

	value='<!--#echo var="#HTTP_REFERER"-->'

where the quotation marks are different?

Received on Thursday, 24 August 2000 23:20:11 UTC