httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Wilson <>
Subject Re: Patch B59 uploaded: include bugs
Date Fri, 07 Apr 1995 13:57:48 GMT
> I've uploaded B59-include-bugs-needs-B46.txt which fixes several bugs
> in http_include.c's parsing routines:
> Bugs fixed: (decreasing importance)
>  * Couldn't have \ in tag value strings.
>  * Couldn't have html entities in tag values, such as &quot;

>  * #echo did not html encode & < > in the string it echoed

Er, do we want to be making the server rewrite ANY text that is in the
control of users?  If the solution is for the user to write &lt; &gt;
in their #echo then it should be up to them.

I'm probably missing the point, but as a general rule I think the server
shouldn't modify any text the user supplies.  If the user wants to break
her/his browser then that's their lookout.

>  * #directive names were case sensitive

Er, what does that mean?  Got an example?

>  * tag names were case sensitive
>  * tag value strings should be delimited by " _or_ '
>  * did not allow whitespace around = in tag=value, or between -- and >

Right, I'd seen that, never thought of it as a bug before tho.  Good.

>  David.


     Andrew Wilson	     URL:
Elsevier Science, Oxford   Office: +44 01865 843155    Mobile: +44 0589 616144

View raw message