On Fri, Feb 27, 2009 at 10:04 AM, Hans <[email protected]> wrote:
>
> 2009/2/27 The Editor <[email protected]>:
>>
>> I tried this little hack instead. Just before the $BOLTpluginHeader
>> line in BOLTmakepage, I added:
>>
>> if (is_array($BOLTpluginStyles)) $out = str_replace ('--></style>',
>> implode($BOLTpluginStyles, "\n") . '--></style>', $out);
>
> You are a great fan of str_replace, in preference of array processing!
>
>
>> Then I added this cool little script--possibly worthy of the core:
>>
>> function BOLTFstyle($args, $zone='') {
>> global $BOLTpluginStyles;
>> $BOLTpluginStyles[] = $args[''][0];
>> }
>>
>> Then on a page I did this, with quite cool effect:
>>
>> [(style ".box { background-color: green; padding: 27px;
>> border: 5px solid yellow;}")]<box>TEST</box>
>
> The [(style)] markup might be a bit dangerous, as it allows all kinds
> of tags to be injected.

The only limitation is you can't get a line break in there (which
would break the markup). So probably not too much damage you could do
with CSS. But you're right. This shouldn't go in the core, but be a
plugin (solution). What is the worst you could do with this, given
there are no line breaks?

Hmmm. I suppose someone could enter multiple lines like this in a
comment box, just for fun...

[(style "--> </style><script>")]
[(style "....")]
[(style "</script><style><--")]

> I would be a bit more careful and restrict such type of markup just to
> accept values like css attribute values, and not attributes plus
> values. Especially as the proposed $BOLTpluginStyles just injects it
> without checks (or more likely I am not aware of checks, but you may
> have them in place).

No checks for this. Normally the only way to access this kind of input
is through a plugin or config file, so it's assumed to be admin
approved. In a markup like this however, there should be checks in the
markup rule, as you pointed out.

> Here is another markup function to illustrate my point:
> This will allow setting a background (like an image) to a div, table
> or other object:
>
> function BOLTFbackground($args, $zone) {
> global $BOLTpluginStyles;
> if (!$args['id'] || !$args['bg']) return;
> $BOLTpluginStyles[] = " #{$args['id']} { background: {$args['bg']}; }";
> }

Nice suggestion. There's also a BOLTattrs function which could come
in handy. Not tested, but could do:

$BOLTattrs['style'] = 'background,font,border,...';

function BOLTFbackground($args, $zone) {
    global $BOLTpluginStyles;
    $attr = '';  // initialise before appending to it
    foreach ($args as $f => $v) {
        if (is_array($v)) continue;
        // 'style' is the $BOLTattrs key defined above ($type was undefined here)
        if (! in_array($f, BOLTattrs('style'))) continue;
        if (strpos($v, "'") !== false) $attr .= " $f=\"$v\" ";
        else $attr .= " $f: $v; ";
    }
    if (!$args['id'] || !$attr) return;
    $BOLTpluginStyles[] = " #{$args['id']} { $attr }";
}

>> P.S. I like the suggestion for dropping the <style> opening and
>> closing tags, but would prefer to keep them in the actual skin style
>> sheet, as my goal has been to make it possible to just drop in a
>> regular css sheet, and only rename it to code.style.skinname.
>
> Not sure exactly what you mean. At present a code.style.skinname etc.
> page needs the <style> opening and closing tags. If you want to open
> the possibility to drop in regular css then the mechanism should not
> need such tags. Same as when using $BOLTpluginStyles in a plugin
> script you won't need the <style> tags.

I just meant we still keep the opening and closing tags in
code.style.skinname, but not needed in any other insertions.
code.style.skinname gets inserted (whole page) into <<style>> in skin.
The others get inserted via the str_replace command.

Cheers,
Dan
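
One way to implement the checks discussed in this thread (accept only values for known CSS properties and validate them before they are appended to $BOLTpluginStyles), as an added example that is not part of the original messages or of BoltWire. The function name, the property allow-list and the permitted character set are assumptions.

```php
<?php
// Added example: names here are hypothetical, not part of BoltWire.

// Assumed allow-list of CSS properties the markup may set.
const EXAMPLE_ALLOWED_PROPS = ['background', 'background-color', 'color',
                               'border', 'padding', 'margin', 'font'];

// Build "#id { prop: value; ... }" from markup arguments.
// Returns null when the id is invalid or no declaration passes validation.
function exampleSafeStyleRule(array $args): ?string {
    $id = $args['id'] ?? '';
    // The id is used as a selector: letters, digits, '_' and '-' only.
    if (!is_string($id) || !preg_match('/\A[A-Za-z][A-Za-z0-9_-]{0,63}\z/', $id)) {
        return null;
    }
    $decls = [];
    foreach ($args as $prop => $value) {
        if ($prop === 'id' || !is_string($value)) continue;
        // Strict comparison so numeric or empty keys never match a property.
        if (!in_array($prop, EXAMPLE_ALLOWED_PROPS, true)) continue;
        // Conservative value character set: no < > { } ; quotes, slashes,
        // parentheses or line breaks, so a value cannot end the rule or the
        // <style> element. \A and \z are used because $ would accept a
        // trailing newline.
        if (!preg_match('/\A[A-Za-z0-9#][A-Za-z0-9#%., -]{0,99}\z/', $value)) continue;
        $decls[] = $prop . ': ' . trim($value) . ';';
    }
    if (!$decls) return null;
    return '#' . $id . ' { ' . implode(' ', $decls) . ' }';
}

// Constructed sample inputs: the box styling from the thread, the
// tag-closing string from the thread, and a value with a line break.
$samples = [
    ['id' => 'box', 'background-color' => 'green', 'padding' => '27px',
     'border' => '5px solid yellow'],
    ['id' => 'box', 'background' => '--> </style><script>'],
    ['id' => 'box', 'color' => "green\n"],
];
foreach ($samples as $s) {
    var_dump(exampleSafeStyleRule($s));
}
```

Only the first sample yields a rule; the other two return null because their single declaration is rejected.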