[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: WebSec 1.9.0 released
From: |
Trevor Boicey |
Subject: |
Re: WebSec 1.9.0 released |
Date: |
Sun, 22 Jan 2006 00:13:20 -0500 |
User-agent: |
Mail/News 1.5 (X11/20051111) |
Baruch Even wrote:
http://www.aomci.org/cgi-bin/adshow.pl?PERPAGE=200&OFFSET=1
The diff is done with webdiff, which is part of websec. If you can dig
into it and fix the issue it would be great.
I don't have much time to go deep into websec, so I mostly add patches
from the (few) users.
From a quick analysis, it seems to be a problem with the <PRE> tag.
Which is admittedly seldom used anymore.
The original text is something like:
<PRE>
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Nullam neque
ipsum, interdum eu, suscipit et, faucibus interdum, massa. Nam cursus
fermentum pede. Phasellus faucibus suscipit magna. Pellentesque neque
elit, rhoncus nec, fermentum ut, rhoncus eu, mi.
</PRE>
So the carriage returns would normally appear in the output and it
wouldn't be all one line.
After webdiff, it becomes something like:
<PRE>
<SPAN ...>
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Nullam neque
ipsum, interdum eu, suscipit et, faucibus interdum, massa. Nam cursus
fermentum pede. Phasellus faucibus suscipit magna. Pellentesque neque
elit, rhoncus nec, fermentum ut, rhoncus eu, mi.
</SPAN>
</PRE>
...so the SPAN overrides the PRE and is treated as one giant line and
comes out as a page that is several screens wide.
Two solutions spring to mind...
One would be to, when inside <PRE> blocks, replace \n with <BR>\n.
This would probably be a workable solution. For additional mangling,
consider replacing <PRE></PRE> with a <FONT></FONT> tag that sets a
monospace font.
An easier one might be to just dispose of <PRE> and </PRE> tags
entirely, just clean them out of the HTML. This would certainly be a lot
easier and probably harmless for many purposes.
However, the last case scares me a little because one place you see a
lot of <PRE> tags are sites that have source code on them. The source
code would be fairly mangled if you allowed the browser to suggest the
line breaks. It would fix this site, but perhaps break others.
--
Trevor Boicey, P. Eng.
Ottawa, Canada, address@hidden
ICQ #17432933 http://www.brit.ca/~tboicey/