Re: wiki function: _render

2021-09-17 Thread Alexander Burger
On Wed, Sep 15, 2021 at 10:49:00PM +0900, Jean-Christophe Helary wrote:
> > What if the value of E is something like
> > 
> >">alert('xss');
> 
> You mean n{alert('xss');}?
> 
> I don't understand Alex’ answer:
> > In final code this would be written as (ht:Prin E)
> 
> but I guess he is right :)

I hope so.

   (ht:Prin ">alert('xss');")
   scriptalert('xss');/script

☺/ A!ex

-- 
UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe
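The attribute breakout raised in this thread and the effect of escaping E before it reaches `id="..."`, as an added example that is not part of the original posts or of the wiki's code. It is a Python stand-in for the PicoLisp `prin` versus `ht:Prin` difference: `html.escape` plays the role of the escaping printer, and the names `render_raw`, `render_escaped`, `unique_slug`, `start_tags` and the test value are assumptions made for illustration. `unique_slug` goes beyond the thread by also addressing the unique-ID concern from the first message.

```python
import html
import re
from html.parser import HTMLParser

# Constructed test value, modelled on the one raised in the thread.
PAYLOAD = "\"><script>alert('xss');</script>"

def render_raw(c, d, e):
    # Same shape as (prin "<" C D " id=\"h" D "-" E "\">"): E reaches the attribute unescaped.
    return f'<{c}{d} id="h{d}-{e}">{html.escape(e)}</{c}{d}>'

def render_escaped(c, d, e):
    # E is entity-escaped (quotes included) before it is placed inside id="...".
    return f'<{c}{d} id="h{d}-{html.escape(e, quote=True)}">{html.escape(e)}</{c}{d}>'

def unique_slug(d, e, used):
    # Alternative: build the id from [a-z0-9-] only and de-duplicate it within the page.
    base = f"h{d}-" + (re.sub(r"[^a-z0-9]+", "-", e.lower()).strip("-") or "section")
    candidate, n = base, 1
    while candidate in used:
        n += 1
        candidate = f"{base}-{n}"
    used.add(candidate)
    return candidate

class TagLister(HTMLParser):
    """Records every start tag a parser sees in the rendered markup."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def start_tags(markup):
    parser = TagLister()
    parser.feed(markup)
    parser.close()
    return parser.tags

if __name__ == "__main__":
    print(start_tags(render_raw("h", "1", PAYLOAD)))      # heading plus an injected element
    print(start_tags(render_escaped("h", "1", PAYLOAD)))  # heading only
    used = set()
    print([unique_slug("1", t, used) for t in ("My heading", "My heading", PAYLOAD)])
```
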


Re: wiki function: _render

2021-09-12 Thread Alexander Burger
On Sat, Sep 11, 2021 at 07:28:43PM +0200, Tomas Hlavaty wrote:
> On Sat 11 Sep 2021 at 18:11, Jean-Christophe Helary wrote:
> >(prin "<" C D " id=\"h" D "-" E "\">")
> > which would give us:
> > My heading
> 
> What if the value of E is something like
> 
>">alert('xss');

In final code this would be written as (ht:Prin E)

☺/ A!ex



Re: wiki function: _render

2021-09-11 Thread Tomas Hlavaty
On Sat 11 Sep 2021 at 18:11, Jean-Christophe Helary wrote:
>(prin "<" C D " id=\"h" D "-" E "\">")
> which would give us:
> My heading

What if the value of E is something like

   ">alert('xss');



Re: wiki function: _render

2021-09-11 Thread John Duncan
For one thing, I don’t think NAME is defined on H1-H6 like it is for INPUT
or A.

John

On Sat, Sep 11, 2021 at 05:47 Alexander Burger wrote:

> Hi Jean-Christophe,
>
> > I'm just exploring my very first lines of picolisp code, and it is going to
> > take some time to get something done... :)
>
> Very good! :)
>
>
> > The wiki html seems to be generated by _render, which is defined this way:
> >
> > (de _render (C D)
> > ...
> > for the code for html headers is:
> >
> > (case C
> > (("1" "2" "3" "4" "5" "6")  # Heading
> > (_render "h" C)
> > ...
> > with C being equal to the number that was used to define the header (wiki
> > syntax: n{Heading}).
>
> Correct.
>
>
> > So, my first idea would be, instead of adding complexity to the wiki syntax
> > to specify ID values, to use the value of the heading as the value of the ID
> > and output this:
> >
> > My heading
> >
> > That does not guarantee that we have unique ID values, which is a requirement
> > in HTML,
>
> Is there a reason not to use   instead?
>
> ☺/ A!ex
>
-- 
John Duncan


Re: wiki function: _render

2021-09-11 Thread Alexander Burger
Hi Jean-Christophe,

> I'm just exploring my very first lines of picolisp code, and it is going to
> take some time to get something done... :)

Very good! :)


> The wiki html seems to be generated by _render, which is defined this way:
> 
> (de _render (C D)
> ...
> for the code for html headers is:
> 
> (case C
> (("1" "2" "3" "4" "5" "6")  # Heading
> (_render "h" C)
> ...
> with C being equal to the number that was used to define the header (wiki 
> syntax: n{Heading}).

Correct.


> So, my first idea would be, instead of adding complexity to the wiki syntax 
> to specify ID values, to use the value of the heading as the value of the ID 
> and output this:
> 
> My heading
> 
> That does not guarantee that we have unique ID values, which is a requirement
> in HTML,

Is there a reason not to use   instead?

☺/ A!ex



wiki function: _render

2021-09-11 Thread Jean-Christophe Helary
I'm just exploring my very first lines of picolisp code, and it is going to 
take some time to get something done... :)

I was mentioning a few days ago that the wiki would benefit from having links 
to internal IDs, so as to create a formal table of contents, or just as a way 
to link to (relatively) arbitrary places in other pages.

The wiki html seems to be generated by _render, which is defined this way:

(de _render (C D)
   (prin "<" C D ">")
   (recurse T)
   (prin "</" C D ">") )

for the code for html headers is:

(case C
(("1" "2" "3" "4" "5" "6")  # Heading
(_render "h" C)
(prinl)
(skip) )

with C being equal to the number that was used to define the header (wiki 
syntax: n{Heading}).

The only case where _render uses 2 arguments is for headers.

So, my first idea would be, instead of adding complexity to the wiki syntax to 
specify ID values, to use the value of the heading as the value of the ID and 
output this:

My heading

That does not guarantee that we have unique ID values, which is a requirement 
in HTML, in case the author has the idea/requirement to actually create headers 
with the same content... But we can reasonably expect that the author won't 
create headers with the same tag value and the same contents unless by mistake. 
So maybe adding the header tag to the ID could reduce chances to have 
non-unique IDs...

So basically, what we'd need is:

# I'm not clear why the internal variables are labeled C and D, so maybe I'm 
missing something here, that may not be arbitrary, but I can't tell...

(de _render (C D E)
   (prin "<" C D " id=\"h" D "-" E "\">")
   (recurse T)
   (prin "</" C D ">") )

which would give us:

My heading

and then, the only thing I need to do (hehehe) is to actually make sure that E 
actually gets the value of the heading.

Am I heading (no pun intended) in the right direction ?

-- 
Jean-Christophe Helary @brandelune
https://mac4translators.blogspot.com
https://sr.ht/~brandelune/omegat-as-a-book/

