Hello, I recently came up with an issue that prevented the generation of server side includes. Daniel Veillard wrote a patch in version 2.9.0 to help resolve this: http://git.gnome.org/browse/libxml2/diff/?id=7d4c529a334845621e2f805c8ed0e154b3350cec
The issue was that too much escaping was performed when generating html
attributes, so it was disabled within the strings "<!--" and "-->".
Moreover, html attribute values may also be URI escaped, so escaping was also
disabled for the characters '<' and '>'.
Unfortunately, some characters required by SSIs may still be URI encoded,
mainly spaces.
This is an oversight of my part, because they was no space in the example I
came up with, sorry :( .
Since we obviously cannot disable URI escaping for spaces, here is a patch that
disable it within SSIs ("<!--" and "-->"), just like Daniel's previous patches
(and unlike the patch I initially contributed!).
./xsltproc xsl xsl
Before (v2.9.0):
<a
href="<!--#include%20virtual=%22/cgi-bin/example.cgi?argument=value%22-->/dir%20with%20spaces/<!--#if%20expr=%22(%24a%20=%20test1)%20&&%20(%24b%20=%20test2)%22%20-->/dir'with%22quotes/yet%20another%20dir%20with%20spaces/<!--#echo%20var='STATIC_SERVER_B'-->/page.html"
onMouseUp="&{My script};">link</a>
After:
<a href="<!--#include
virtual="/cgi-bin/example.cgi?argument=value"-->/dir%20with%20spaces/<!--#if
expr="($a = test1) && ($b = test2)"
-->/dir'with%22quotes/yet%20another%20dir%20with%20spaces/<!--#echo
var='STATIC_SERVER_B'-->/page.html" onMouseUp="&{My script};">link</a>
As you can see, no escaping is performed at all, which may result in badly
formed html: in this example, the double quotes within the SSIs are not
escaped, even if it is the attribute value delimiter, and ampersand are
preserved, apache is handling this just fine though.
Outside the 3 SSIs, the double quote is properly replaced by %22, like before.
All regression tests are ok.
Thank you for your work and time,
Romain
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
electroniques etant susceptibles d'alteration,
France Telecom - Orange decline toute responsabilite si ce message a ete
altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete
this message and its attachments.
As emails may be altered, France Telecom - Orange is not liable for messages
that have been modified, changed or falsified.
Thank you.
xsl
Description: xsl
HTMLtree.patch
Description: HTMLtree.patch
_______________________________________________ xml mailing list, project page http://xmlsoft.org/ [email protected] https://mail.gnome.org/mailman/listinfo/xml
