Hello, Following Daniel's message about a new release, I would like to bump the issue/patch I raised earlier this month for consideration. Thank you, Romain Bondue
Hello, I recently came up with an issue that prevented the generation of server side includes. Daniel Veillard wrote a patch in version 2.9.0 to help resolve this: http://git.gnome.org/browse/libxml2/diff/?id=7d4c529a334845621e2f805c8ed0e154b3350cec The issue was that too much escaping was performed when generating html attributes, so it was disabled within the strings "<!--" and "-->". Moreover, html attribute values may also be URI escaped, so escaping was also disabled for the characters '<' and '>'. Unfortunately, some characters required by SSIs may still be URI encoded, mainly spaces. This is an oversight of my part, because they was no space in the example I came up with, sorry :( . Since we obviously cannot disable URI escaping for spaces, here is a patch that disable it within SSIs ("<!--" and "-->"), just like Daniel's previous patches (and unlike the patch I initially contributed!). ./xsltproc xsl xsl Before (v2.9.0): <a href="<!--#include%20virtual=%22/cgi-bin/example.cgi?argument=value%22-->/dir%20with%20spaces/<!--#if%20expr=%22(%24a%20=%20test1)%20&&%20(%24b%20=%20test2)%22%20-->/dir'with%22quotes/yet%20another%20dir%20with%20spaces/<!--#echo%20var='STATIC_SERVER_B'-->/page.html" onMouseUp="&{My script};">link</a> After: <a href="<!--#include virtual="/cgi-bin/example.cgi?argument=value"-->/dir%20with%20spaces/<!--#if expr="($a = test1) && ($b = test2)" -->/dir'with%22quotes/yet%20another%20dir%20with%20spaces/<!--#echo var='STATIC_SERVER_B'-->/page.html" onMouseUp="&{My script};">link</a> As you can see, no escaping is performed at all, which may result in badly formed html: in this example, the double quotes within the SSIs are not escaped, even if it is the attribute value delimiter, and ampersand are preserved, apache is handling this just fine though. Outside the 3 SSIs, the double quote is properly replaced by %22, like before. All regression tests are ok. Thank you for your work and time, Romain
_________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, France Telecom - Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, France Telecom - Orange is not liable for messages that have been modified, changed or falsified. Thank you.
Attachment:
HTMLtree.patch
Description: HTMLtree.patch