[EMAIL PROTECTED] wrote:
> 
> I'm puzzled, though, as to how it's a security concern, unless the
> whole of the site's script is one REBOL script.
> 

Suffice to say that if your site contains executable code, you want to
minimize disclosure; the Bad Guys have often been able to trick code
into supplying "unexpected" functionality.

>
> Could just the few lines or section on converting the REBOL script
> to an HTML page be published? That would reveal fewer vulnerabilities,
> I would imagine.
> 

Here's a fairly minimal script for just that purpose.  I'm sure others
could do it more nicely; this is just a QAD submission.

-jn-

-----------------------------------------------------------------------

REBOL []

; encode reserved characters as html entity references
;
; string! -> string!

html-ify: func [s [string!]] [
    ; encode & first so the entities added below are not escaped again
    replace/all s {&} {&amp;}
    replace/all s {<} {&lt;}
    replace/all s {>} {&gt;}
    replace/all s {"} {&quot;}
    s
]

; encode an entire file, adding minimal html tags
;
; file! -> string!

html-a-file: func [
    f [file!]
    /local content wrapper
][
    wrapper: copy
{<html>
<body bgcolor="#ffffff">
<pre>###</pre>
</body>
</html>
}
    if error? try [
        content: read f
        replace wrapper "###" html-ify content
    ][
        print "file unusable!"
        wrapper: none
    ]
    wrapper
]
