Re: [xml] [PATCH] Server side includes (again)



Hello,
Following Daniel's message about a new release, I would like to bump the issue/patch I raised earlier this 
month for consideration.

Thank you,
Romain Bondue

Hello,
I recently came up with an issue that prevented the generation of server side includes.
Daniel Veillard wrote a patch in version 2.9.0 to help resolve this: 
http://git.gnome.org/browse/libxml2/diff/?id=7d4c529a334845621e2f805c8ed0e154b3350cec

The issue was that too much escaping was performed when generating html attributes, so it was disabled 
within the strings "<!--" and "-->".
Moreover, html attribute values may also be URI escaped, so escaping was also disabled for the characters 
'<' and '>'.

Unfortunately, some characters required by SSIs may still be URI encoded, mainly spaces.
This is an oversight of my part, because they was no space in the example I came up with, sorry :( .

Since we obviously cannot disable URI escaping for spaces, here is a patch that disable it within SSIs 
("<!--" and "-->"), just like Daniel's previous patches (and unlike the patch I initially contributed!).

./xsltproc xsl xsl

Before (v2.9.0):

<a 
href="<!--#include%20virtual=%22/cgi-bin/example.cgi?argument=value%22-->/dir%20with%20spaces/<!--#if%20expr=%22(%24a%20=%20test1)%20&&%20(%24b%20=%20test2)%22%20-->/dir'with%22quotes/yet%20another%20dir%20with%20spaces/<!--#echo%20var='STATIC_SERVER_B'-->/page.html"
 onMouseUp="&{My script};">link</a>

After:

<a href="<!--#include virtual="/cgi-bin/example.cgi?argument=value"-->/dir%20with%20spaces/<!--#if 
expr="($a = test1) && ($b = test2)" -->/dir'with%22quotes/yet%20another%20dir%20with%20spaces/<!--#echo 
var='STATIC_SERVER_B'-->/page.html" onMouseUp="&{My script};">link</a>

As you can see, no escaping is performed at all, which may result in badly formed html: in this example, 
the double quotes within the SSIs are not escaped, even if it is the attribute value delimiter, and 
ampersand are preserved, apache is handling this just fine though.
Outside the 3 SSIs, the double quote is properly replaced by %22, like before.
All regression tests are ok.

Thank you for your work and time,
Romain

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne 
doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez 
le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles 
d'alteration,
France Telecom - Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by 
law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its 
attachments.
As emails may be altered, France Telecom - Orange is not liable for messages that have been modified, changed 
or falsified.
Thank you.

Attachment: HTMLtree.patch
Description: HTMLtree.patch



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]