- From: Ian Bicking <ianb@colorstudy.com>
- Date: Tue, 15 Jun 2004 11:32:48 -0500
Ian Hickson wrote:
>>Going right against the ideas for other useful ways to use this other
>>index, I think the parsing of [ID] (and, if included, {DOMORDER}) should
>>be limited to just the "for", "headers", "id", "name" and "template"
>>attributes (and maybe also "cite", "href" and "src"), or at least to
>>exclude the "value" attribute. I am aware of more than one clumsily
>>coded web application which utilizes multiple screens and stores the
>>received values from the previous screen in the value of a hidden input
>>element. It is quite imaginable for such received input to include text
>>between square brackets which would match the id of a repetition
>>template, with obviously disastrous results. Although this problem is
>>mitigated by most such hidden inputs _probably_ not being included in
>>repetition templates, I can still imagine use cases where this can
>>happen. (Multiple search engine submission forms being one of them.)
>
>
> Ouch, good point, a template might well include user-entered data that
> might match that string. For that matter a script might contain [foo]
> which happens to be the ID of the template.
>
> I'm somewhat reluctant to just say "only do these attributes" since
> there's bound to be use cases where you need to do it that haven't been
> covered. Like, in fact, value (there are some interesting use cases that
> involve only using it in value, instead of name, and some cases where
> you would want to affect the scripts).
>
> Any other ideas for solving this?

Well, it could be done like boundaries in MIME -- you don't provide a
quoting mechanism, but you allow for explicit replacement values that
can be arbitrarily unlikely to occur. E.g.:

    <tr template="whatever" template-replace="somelongstring">
      <input name="phone_somelongstring"...>
    </tr>

This is obnoxious, but at least explicit and potentially robust (but
only potentially, not necessarily).

This is somewhat reminiscent of Zope Page Templates, where it would be
something like:

    <tr template="whatever">
      <input template-attributes="name phone_[whatever]"...>
    </tr>

In TAL you use ; to define multiple attributes, but the expressions
aren't free-form strings so ; can be avoided. That's not the case here
-- but then, it's not that big a deal, since this makes attribute
substitution explicit. Namespaces would be simpler still, but I don't
know that this is an appropriate use of namespaces:

    <tr template="whatever">
      <input template:name="phone_[whatever]"...>
    </tr>

Ian
Received on Tuesday, 15 June 2004 09:32:48 UTC
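
Added example, not part of the original message or of any specification: a small model of the collision discussed above, comparing substitution of [whatever] in every attribute with substitution only in attributes marked by the "template:" prefix. The function names, the attribute-map representation and the sample row are constructed, and the behaviour given to "template:name" is an assumption based on the markup sketched in the message.

```javascript
// Each element of a repetition template is modelled as a map of attributes.
const TEMPLATE_ID = "whatever";

// Substitute "[id]" in every attribute value (the implicit scheme).
function expandAllAttributes(row, id, index) {
  const token = `[${id}]`;
  return row.map((attrs) =>
    Object.fromEntries(
      Object.entries(attrs).map(([name, value]) => [
        name,
        value.split(token).join(String(index)),
      ])
    )
  );
}

// Assumed semantics for the "template:name" form: only attributes carrying
// the "template:" prefix are substituted, and they are emitted under the
// unprefixed name. Every other attribute is copied unchanged.
function expandMarkedAttributes(row, id, index) {
  const token = `[${id}]`;
  const prefix = "template:";
  return row.map((attrs) =>
    Object.fromEntries(
      Object.entries(attrs).map(([name, value]) =>
        name.startsWith(prefix)
          ? [name.slice(prefix.length), value.split(token).join(String(index))]
          : [name, value]
      )
    )
  );
}

// Constructed input: a hidden field whose value is user-entered text carried
// over from a previous screen and happens to contain "[whatever]".
const userText = "see notes [whatever] from last call";

const implicitRow = [
  { type: "text", name: "phone_[whatever]" },
  { type: "hidden", name: "prev_[whatever]", value: userText },
];
const explicitRow = [
  { type: "text", "template:name": "phone_[whatever]" },
  { type: "hidden", "template:name": "prev_[whatever]", value: userText },
];

const implicitOut = expandAllAttributes(implicitRow, TEMPLATE_ID, 0);
const explicitOut = expandMarkedAttributes(explicitRow, TEMPLATE_ID, 0);

console.log("implicit:", implicitOut[1].value); // user text was rewritten
console.log("explicit:", explicitOut[1].value); // user text is untouched
```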