HTML draft - clarification of quoted string processing
cheung@eplrx7.es.dupont.com (Bryan Cheung)
Date: Fri, 3 Dec 93 10:48:17 EST
Message-id: <9312031548.AA23860@eplrx7.es.duPont.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: www-talk@nxoc01.cern.ch
From: cheung@eplrx7.es.dupont.com (Bryan Cheung)
Subject: HTML draft - clarification of quoted string processing
I may just be blind, but I don't see a place in the HTML spec which
describes what is supposed to happen to special characters inside quoted
strings. Consider an HTML statement such as:
<form method=post action="/htbin-post/banner hello > foobar">
...form goes here
</form>
My question relates to how the i/o redirection character (or any special
character) is to be treated when used within quotes inside of a standard
HTML directive. Should special characters be completely protected when
quoted inside of a directive?? Does it make sense to specify that escapes
such as > be used within quoted strings? Where should this go in the
spec? (I looked for it, and can't find it - please point me there if I
missed it.
On a related note, the above question was generated by some strange
behavior I discovered in the following abuse of NCSA httpd, and X Mosaic:
HTML file:
===========================================================
<pre>
<inc srv "|echo Backslash escapes:">
<inc srv "| echo greater than: \>">
<inc srv "| echo less than: \<">
<inc srv "|echo HTML amper/semi escapes:">
<inc srv "| echo greater than: >">
<inc srv "| echo less than: <">
</pre>
===========================================================
Source received by X Mosaic:
===========================================================
<pre>
Backslash escapes:
greater than:
">
less than: <
HTML amper/semi escapes:
greater than:
less than:
</pre>
===========================================================
A few questions:
1) Why are extra newlines generated after each <inc srv "|blah">
directive?
2) Why doesn't \> work when \< seems to.
3) Does this happen only to me?
I am using XMosaic 2.0 and httpd 1.0a5 under AIX 3.2.4.
-- Bryan Cheung
cheung@eplrx7.es.dupont.com