- From: James Aylett <sja20@hermes.cam.ac.uk>
- Date: Tue, 30 Jul 1996 11:09:32 +0100 (BST)
- To: Albert Lunde <Albert-Lunde@nwu.edu>
- cc: www-html@w3.org
On Mon, 29 Jul 1996, Albert Lunde wrote:

> At 6:22 PM 7/29/96, Foteos Macrides wrote:
> >         So isn't it in fact true that the ONLY way to include script
> >code "100%" safely in an HTML document instance is as an encoded (hex
> >or BASE64) attribute value?
>
> While this has some merit, it may run into another set of problems due to
> SGML or implementation limits on the size of attribute values.
>
> (Some options, including this and the CDATA marked sections may also be
> unpopular as being hard to type and/or not enough like the popular flavors
> of script/tag soup.)

I would say this has a lot of merit - further, it would be perfectly possible to invent some form of server-side storage which is _not_ valid SGML or HTML, but which _is_ usable as a script delimiter, eg:

    <SCRIPT><!-- script started there -->
    /* this is now a script - the delimiters are <SCRIPT>...</SCRIPT>, but
       could easily be say [[[ ... ]]] within <SCRIPT>...</SCRIPT> */
    i--;
    document.write("Flibble");
    <!-- script stopped here -->
    </SCRIPT>

This is readable and not too tricky to do. Then you write a parser (or, under Apache, an internal module) to parse .phtml, or whatever you might want to call it, into BASE64 encoding for an attribute.

Better yet, the httpd could be configured to use a temporary pseudodirectory, say /scripts/, which needn't even exist except virtually, in which it temporarily puts the script file, and then references using <SCRIPT SRC="url">.

This could be done completely transparently to the user - the HTML spec gets cleaned up, but users don't actually have to think about it unless they really want to. Since I doubt very much that most users will want to take the time for a two-line script to move it into a separate file, or encode it, or whatever, this seems to me to be an acceptable (if barely) way round.

So, what have I forgotten? :-)

James

--
/-----------------------------------------------------------------------------\
  James Aylett - Crystal Services (crystal.clare.cam.ac.uk): BBS, Ftp and Web
  Clare College, Cambridge, CB2 1TL -- sja20@cam.ac.uk -- (0976) 212023
Received on Tuesday, 30 July 1996 06:11:19 UTC
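
The server-side rewrite proposed in the message above, sketched as an added example; it is not part of the original message and not an existing Apache module. The function name `rewrite_scripts`, the `ENCODED` attribute and the content-hash file names are assumptions, and the sample page is constructed from the message's snippet with its `/* ... */` line left out, because that comment contains `</SCRIPT>` and would end the scan early.

```python
import base64
import hashlib
import re

# Inline <SCRIPT> element without a SRC attribute; ends at the first </SCRIPT>.
INLINE_SCRIPT = re.compile(
    r"<script\b(?![^>]*\bsrc\s*=)([^>]*)>(.*?)</script\s*>",
    re.IGNORECASE | re.DOTALL)
# One-line marker comments such as "<!-- script started there -->".
MARKER = re.compile(r"<!--[^\n]*?-->")

# Constructed sample page, based on the snippet in the message.
SAMPLE = """<HTML><BODY>
<SCRIPT><!-- script started there -->
i--;
document.write("Flibble");
<!-- script stopped here -->
</SCRIPT>
</BODY></HTML>"""


def rewrite_scripts(html, mode="src", prefix="/scripts/"):
    """Return (rewritten_html, store); store maps virtual URL -> script text."""
    store = {}

    def replace(match):
        attrs, body = match.group(1), match.group(2)
        script = MARKER.sub("", body).strip()
        if not script:
            return match.group(0)  # nothing to move; leave the element alone
        if mode == "base64":
            encoded = base64.b64encode(script.encode("utf-8")).decode("ascii")
            # ENCODED is a hypothetical attribute name, not from any HTML spec.
            return '<SCRIPT%s ENCODED="%s"></SCRIPT>' % (attrs, encoded)
        # Content-derived name (assumption): identical scripts share one URL.
        name = hashlib.sha256(script.encode("utf-8")).hexdigest()[:16] + ".js"
        store[prefix + name] = script
        return '<SCRIPT%s SRC="%s%s"></SCRIPT>' % (attrs, prefix, name)

    return INLINE_SCRIPT.sub(replace, html), store


if __name__ == "__main__":
    page, virtual_files = rewrite_scripts(SAMPLE)
    print(page)
    print(virtual_files)
```

In `src` mode the returned `store` is what the httpd would serve from the virtual `/scripts/` directory; in `base64` mode the page is self-contained and `store` stays empty.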