Re: Interpreting HTML

2003-08-26 Thread Patrick Galbraith
Hey, I just noticed the first email that you sent, I must've thought it 
was a question - I must really need sleep since I've been misspelling and 
reading incorrectly today ;) Sorry for replying to it as though it was a 
question.

Josh Chamas wrote:
js wrote:

I have apache2 and mod_perl2 setup and running without any problems
with .PL files.

In apache2 I have my test directory setup like the following:

Alias /test/ C:/apache2/htdocs/
<Location /test/>
  SetHandler perl-script
  PerlResponseHandler ModPerl::Registry
  PerlOptions +ParseHeaders
  Options +ExecCGI
</Location>

How do I stop .HTML files from being interpreted?
 
You could always just match on .pl, like:

   <Location ~ "^/test/.*\.pl$">
   SetHandler perl-script
   PerlResponseHandler ModPerl::Registry
   PerlOptions +ParseHeaders
   Options +ExecCGI
   </Location>

For more on using Location, please see:

  http://httpd.apache.org/docs-2.0/mod/core.html#location

Regards,

Josh

Josh Chamas, Founder       phone:925-552-0128
Chamas Enterprises Inc.    http://www.chamas.com
NodeWorks Link Checker     http://www.nodeworks.com


--
--
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED] [EMAIL PROTECTED]
206.719.2461


--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html


Re: Interpreting HTML

2003-08-25 Thread Patrick Galbraith
Js,

instead of Location, use Files

Alias /test/ C:/apache2/htdocs/
<Files ~ "\.pl$">
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
PerlOptions +ParseHeaders
Options +ExecCGI
</Files>

Hope this is the solution, or what you're looking for,

regards,

Patrick

js wrote:
I have apache2 and mod_perl2 setup and running without any problems with .PL
files.

In apache2 I have my test directory setup like the following:

Alias /test/ C:/apache2/htdocs/
<Location /test/>
  SetHandler perl-script
  PerlResponseHandler ModPerl::Registry
  PerlOptions +ParseHeaders
  Options +ExecCGI
</Location>

How do I stop .HTML files from being interpreted?

JS





--
--
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED] [EMAIL PROTECTED]
206.719.2461




Re: Interpreting HTML

2003-08-25 Thread Patrick Galbraith
LocationMatch I think is what you want.

Josh Chamas wrote:
js wrote:

I have apache2 and mod_perl2 setup and running without any problems
with .PL files.

In apache2 I have my test directory setup like the following:

Alias /test/ C:/apache2/htdocs/
<Location /test/>
  SetHandler perl-script
  PerlResponseHandler ModPerl::Registry
  PerlOptions +ParseHeaders
  Options +ExecCGI
</Location>

How do I stop .HTML files from being interpreted?
 
You could always just match on .pl, like:

   <Location ~ "^/test/.*\.pl$">
   SetHandler perl-script
   PerlResponseHandler ModPerl::Registry
   PerlOptions +ParseHeaders
   Options +ExecCGI
   </Location>

For more on using Location, please see:

  http://httpd.apache.org/docs-2.0/mod/core.html#location

Regards,

Josh

Josh Chamas, Founder       phone:925-552-0128
Chamas Enterprises Inc.    http://www.chamas.com
NodeWorks Link Checker     http://www.nodeworks.com


--
--
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED] [EMAIL PROTECTED]
206.719.2461




Re: Interpreting HTML

2003-08-25 Thread Patrick Galbraith
yeah, I wasn't quite sure of it... I've been so busy, I never played 
with it to see what it was capable of. Thanks for the pointer!

regards,

Patrick

Josh Chamas wrote:
Patrick Galbraith wrote:

LocationMatch I think is what you want.

 <Location ~ ...>

and

 <LocationMatch ...>

do the same thing.  The trick is the ~ after the Location.

Please see http://httpd.apache.org/docs-2.0/mod/core.html#location
for more information.
Regards,

Josh

Josh Chamas, Founder       phone:925-552-0128
Chamas Enterprises Inc.    http://www.chamas.com
NodeWorks Link Checker     http://www.nodeworks.com


--
--
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED] [EMAIL PROTECTED]
206.719.2461
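
The scoping difference between the suggestions in this thread can be checked offline. The Perl script below is an added example, not code from any poster: the config fragment and request paths are constructed, plain <Location> is modelled as a simple prefix match, and each path is assumed to map to a file with the same base name.

```perl
#!/usr/bin/perl
# Which request paths would each "SetHandler perl-script" section hand to mod_perl?
use strict;
use warnings;

# Constructed config fragment: the three scopings discussed in the thread.
my $conf = <<'CONF';
<Location /test/>
    SetHandler perl-script
</Location>
<Location ~ "^/test/.*\.pl$">
    SetHandler perl-script
</Location>
<Files ~ "\.pl$">
    SetHandler perl-script
</Files>
CONF

# Constructed request paths.
my @paths = qw(/test/hello.pl /test/index.html /test/hello.pl.bak /test/sub/x.pl /docs/x.pl);

# Return [label, matcher] for every section that sets the perl-script handler.
sub perl_script_sections {
    my ($text) = @_;
    my @found;
    while ($text =~ m{<(Location|LocationMatch|Files|FilesMatch)\s+(~\s+)?"?([^">]+)"?\s*>(.*?)</\1>}gsi) {
        my ($kind, $tilde, $arg, $body) = ($1, $2, $3, $4);
        next unless $body =~ /^\s*SetHandler\s+perl-script\b/mi;
        my $is_regex = $tilde || $kind =~ /Match$/i;
        my $on_file  = $kind =~ /^Files/i;
        push @found, [ "<$kind" . ($tilde ? ' ~' : '') . " $arg>", sub {
            my ($path) = @_;
            # <Files> sees only the file's base name; <Location> sees the URL path.
            my $subject = $on_file ? ($path =~ m{([^/]*)\z})[0] : $path;
            return $is_regex ? $subject =~ /$arg/           # unanchored search, as in Apache
                 : $on_file  ? $subject eq $arg
                 :             index($subject, $arg) == 0;  # plain <Location>: prefix match
        } ];
    }
    return @found;
}

for my $section (perl_script_sections($conf)) {
    my ($label, $matches) = @$section;
    my @hit   = grep { $matches->($_) } @paths;
    my @risky = grep { !/\.pl\z/ } @hit;     # handed to Perl although not a .pl file
    printf "%-32s executes: %s\n", $label, join(' ', @hit) || '(none)';
    printf "%-32s NOT .pl:  %s\n", '', join(' ', @risky) if @risky;
}
```

The <Files> section is not tied to /test/: placed at server level it also covers .pl files outside the aliased directory, so it belongs inside a <Directory> block for the script directory.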




Re: Apache::Session

2003-08-14 Thread Patrick Galbraith
Aleksandr,

we had our own stripping methods. Just get the source for slashcode 
http://slashcode.com and look for

Slash/Display/Display.pm:   strip_paramattr => \&strip_paramattr,
Slash/Display/Display.pm:   strip_urlattr   => \&strip_urlattr,
Slash/Display/Display.pm:   strip_anchor    => \&strip_anchor,
Slash/Display/Display.pm:   strip_attribute => \&strip_attribute,
Slash/Display/Display.pm:   strip_code      => \&strip_code,
Slash/Display/Display.pm:   strip_extrans   => \&strip_extrans,
Slash/Display/Display.pm:   strip_html      => \&strip_html,
Slash/Display/Display.pm:   strip_literal   => \&strip_literal,
Slash/Display/Display.pm:   strip_nohtml    => \&strip_nohtml,
Slash/Display/Display.pm:   strip_notags    => \&strip_notags,
Slash/Display/Display.pm:   strip_plaintext => \&strip_plaintext,

and this'll give you an idea of what slashcode does to deal with it.

Hope this helps,

Patrick

Aleksandr Guidrevitch wrote:
Hi, All

What have you used to strip out that stuff? I've reviewed 
HTML::StripScripts, but it seems to be very slow. I've also
considered HTML::Filter to do that but I'm also afraid that 
HTML::Parser is not the fastest thing on the earth, even though
it will be invoked once during initial submission.

Could you also advise on this safe subset of html you use?

Sincerely,
Alex
Patrick Galbraith wrote:

Strip out stuff that could be problematic. This is what we did with 
Slash. We strip out javascript or any tag that can be problematic, or 
be used even to break the layout of the page. It'll make your life 
much easier ;) Take this from someone who coded tons of features to 
ward off trolls!
--
--
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED] [EMAIL PROTECTED]
206.719.2461


Re: Apache::Session

2003-08-14 Thread Patrick Galbraith
Strip out stuff that could be problematic. This is what we did with 
Slash. We strip out javascript or any tag that can be problematic, or be 
used even to break the layout of the page. It'll make your life much 
easier ;) Take this from someone who coded tons of features to ward off 
trolls!

Aleksandr Guidrevitch wrote:
Hi, All

Sorry, this post might be out of scope of this particular list, but 
still... don't punch me heavily :) I just think the people here might 
have met this problem while deploying big public applications.

I use Apache::Session to identify logged in users. However, the users 
are allowed to post html (obviously with javascript) messages viewable 
by others. That could create an XSS vulnerability and allow the 
sessions (cookies) to be stolen from other users.

Is it possible to uniquely identify the user by some attributes?
The only thing I consider now is IP, but what about proxies and NATs?
User Agent string could also be stolen via javascript. That means I tend 
to make stolen session ids non-reusable.

Any thoughts?

Sincerely,
Aleksandr Guidrevitch
--
--
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED] [EMAIL PROTECTED]
206.719.2461
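
An allowlist filter of the kind this thread describes, run once at submission time. This is an added example, not Slash's strip_* code or any poster's code: the permitted tags and attributes, the sub name sanitize_html and the sample post are assumptions, and it relies on the CPAN modules HTML::Parser and HTML::Entities.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Parser ();
use HTML::Entities qw(encode_entities);

# Assumed allowlist for this example; the thread does not list Slash's permitted tags.
my %ALLOWED_TAG  = map { $_ => 1 } qw(a b i em strong p br blockquote ul ol li code pre);
my %ALLOWED_ATTR = (a => { href => 1 });
my %DROP_CONTENT = map { $_ => 1 } qw(script style);    # drop the body, not only the tag
my %VOID         = (br => 1);

sub sanitize_html {
    my ($html) = @_;
    my ($out, $skip, @open) = ('', 0);

    my $start = sub {
        my ($tag, $attr) = @_;
        if ($DROP_CONTENT{$tag}) { $skip = 1; return }
        return if $skip || !$ALLOWED_TAG{$tag};
        my $attrs = '';
        for my $name (sort keys %$attr) {
            next unless $ALLOWED_ATTR{$tag} && $ALLOWED_ATTR{$tag}{$name};
            my $value = $attr->{$name};                  # already entity-decoded by the parser
            # Absolute http(s)/mailto only: rejects javascript:, data: and obfuscated variants.
            next unless $value =~ m{\A(?:https?://|mailto:)}i;
            $attrs .= sprintf ' %s="%s"', $name, encode_entities($value, q{<>&"'});
        }
        $out .= "<$tag$attrs>";
        push @open, $tag unless $VOID{$tag};
    };
    my $end = sub {
        my ($tag) = @_;
        if ($DROP_CONTENT{$tag}) { $skip = 0; return }
        return if $skip || !(grep { $_ eq $tag } @open);
        # Close intervening tags as well so the output stays properly nested.
        while (defined(my $t = pop @open)) {
            $out .= "</$t>";
            last if $t eq $tag;
        }
    };
    my $text = sub {
        my ($t) = @_;
        $out .= encode_entities($t, q{<>&"}) unless $skip;
    };

    # Comments, declarations and processing instructions have no handler, so they are dropped.
    my $p = HTML::Parser->new(
        api_version => 3,
        start_h     => [ $start, 'tagname, attr' ],
        end_h       => [ $end,   'tagname' ],
        text_h      => [ $text,  'dtext' ],
    );
    $p->parse($html);
    $p->eof;
    $out .= "</$_>" for reverse @open;    # unclosed tags must not leak into the surrounding page
    return $out;
}

# Constructed sample post.
my $post = <<'HTML';
<p onclick="alert(1)">Hi <b>all</b>, see <a href="JaVaScRiPt:alert(1)">this</a>
and <a href="http://example.org/?a=1&amp;b=2" style="position:fixed">that</a>.
<script>alert(document.cookie)</script><table><tr><td><i>unclosed
HTML
print sanitize_html($post), "\n";
```

Anything not on the allowlist is removed rather than repaired, so an unrecognised tag spelling or URL scheme fails closed instead of passing through.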


Re: templating system opinions

2003-07-21 Thread Patrick Galbraith
I'm guessing they use it for IMDB, although they may have other 
projects as well that use it. I do know that their core app is 
C++/apache, with some sort of perl glue to talk to the app.

Nice that they are such an apache/perl/OS house considering they're here 
in Seattle, mere miles from Redmond ;) They're also not one of several 
places who think jumping on the java bandwagon is the path to 
enlightenment. Ehem.


 On Mon, 21 Jul 2003, Dave Rolsky wrote:

 On Mon, 21 Jul 2003, Drew Taylor wrote:
 
  I personally have not seen an official announcement, but if you look
  at all their postings on jobs.perl.org you'll notice that nearly every
  one of them mentions Mason. I'm sure Dave will have more to say on the
  subject... :-)
 
 Not too much more.  But hopefully more will be forthcoming from people
 closer to Amazon than I.
 
 
 -dave
 
 /*===
 House Absolute Consulting
 www.houseabsolute.com
 ===*/
 

-- 
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]



Re: templating system opinions (axkit?)

2003-07-21 Thread Patrick Galbraith
Anyone on this list use AxKit? I'm curious how it pans out.

I like the idea of XSLT/XML, though I find myself trying to read between 
the lines of hype vs. something that's actually very useful. I don't know, 
so I don't have any opinions. I do know I'd like to use XSLT/XML so as to 
have a project to use it for, hence learn it.

Not just that, but what about SOAP... Net RPC... I'd like to know where 
those fit in as well.

I get so tired of Java types talking about how perl is just a scripting 
language.. it's not an application platform/server like 
Dynamo/WebSphere/<insert $$$ java non-OS app here>. I even tried to crack 
a particular O'Reilly java book and was turned off on a statement like 
"Perl is good for proto-typing but not a full application server". Yes, 
there are a lot of prototypes getting millions of pageviews a day and 
generating significant revenue.

I'd like to see perl/mod_perl reclaim some of the lost ground. 


 On Sun, 20 Jul 2003, Dave Rolsky wrote:

 On Sun, 20 Jul 2003, Patrick Galbraith wrote:
 
  I've been working at Classmates.com for a couple months contracting, and
  they use Text::Forge.
 
  I've been impressed by the performance, and wish it was a big player.
  Part of the reason it isn't is guys like me should contribute to it and
  make it a bigger player.
 
 I'd say the big reason it's not a big player is that it doesn't offer
 anything new.  It also doesn't seem to be very actively developed and has
 very little documentation.
 
  I really like the syntax - it looks a lot like JSP.
 
 Yeah, just like Apache::ASP ;)
 
  All of this said, what is the most commonly used system out there?
 
 The biggest players are Mason and Template Toolkit, judging from big
 companies that have used them, as well as job posting.  HTML::Template,
 Embperl, and Apache::ASP all seem to have reasonably active user bases as
 well.
 
 
 -dave
 
 /*===
 House Absolute Consulting
 www.houseabsolute.com
 ===*/
 

-- 
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]



Re: templating system opinions

2003-07-20 Thread Patrick Galbraith
I've been working at Classmates.com for a couple months contracting, and 
they use Text::Forge.

I've been impressed by the performance, and wish it was a big player. 
Part of the reason it isn't is guys like me should contribute to it and 
make it a bigger player.

I really like the syntax - it looks a lot like JSP.

They serve out around 12-13M pageviews a day using it. It just doesn't 
have a lot of active contributors to it now.

Eventually, they will switch to java/atg dynamo. ...

All of this said, what is the most commonly used system out there?

Jesse Erlbaum wrote:
Hi Chris, Patrick --

I post on this topic with some reluctance.  Asking which templating
system is best is like asking which operating system is best -- or which
political party is best (or political system, I suppose).  It's Jihad,
baby!
OTOH, I've never met a flamethrower I didn't like.



What's best depends on what your requirements are. As far as I can tell,
the big ones are Template::Toolkit, Mason, and HTML::Template


One picky point:  Mason is NOT a templating system.  It is a programming
system.
If you're going to call Mason a templating system, you might as well
refer to Perl as a templating system:
  my $name = "Jesse";
  print "Hello, my name is $name\n";
Presto, blammo -- a new templating system!

The big players are Template::Toolkit and HTML::Template.  It's no
secret that I'm a fan of HTML::Template -- Sam and I worked together
when he wrote it, and my module, CGI::Application, uses it out of the
box (although it does support TT).  

I use HTML::Template because designers can't be trusted to set
variables.  Boolean logic is about all their simple minds can handle.
Anything which doesn't look like HTML is likely to cause them to have a
stroke.  Yes, I'm a programmer-snob and a fascist, and I like to take
sharp objects away from the gentle creative types.
Aside from the fact that HTML::Template uses less RAM and is faster than
TT, this is the foremost reason I continue to use it.
TTYL,

-Jesse-

--

  Jesse Erlbaum
  The Erlbaum Group
  [EMAIL PROTECTED]
  Phone: 212-684-6161
  Fax: 212-684-6226



--
--
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED]
206.719.2461


templating system opinions

2003-07-18 Thread Patrick Galbraith
Hi there,

Just wondering what the best templating system is to use and/or learn. 

I've briefly read up on the pros and cons of each, and am just wondering 
which one is the most widely _used_ and best to learn if you're wanting to 
know something that there are jobs for.

thanks ;)

-- 
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]



Re: templating system opinions

2003-07-18 Thread Patrick Galbraith
Thanks much,

Yeah, I worked with TT when I was on the Slash team ;) 

On Fri, 18 Jul 2003, Chris Devers wrote:

 On Fri, 18 Jul 2003, Patrick Galbraith wrote:
 
  Just wondering what the best templating system is to use and/or learn.
 
  I've briefly read up on the pros and cons of each, and am just wondering
  which one is the most widely _used_ and best to learn if you're wanting to
  know something that there are jobs for.
 
 What's best depends on what your requirements are. As far as I can tell,
 the big ones are Template::Toolkit, Mason, and HTML::Template; each one
 makes different tradeoffs and makes different assumptions about the
 division of labor among programmers, web developers, & content producers.
 TT is probably the most flexible, but that or might not be what you want.
 
 Honestly, of the three I just listed, none of them are *that* complicated.
 If you want to learn these for job hunting purposes -- in which case it's
 not really fair to ask you what the requirements are, since you can't
 really know that -- you might as well experiment with all three.
 
 A good way to start might be by playing with different content management
 etc platforms that use these toolkits. From what I've read, the biggest
 examples I can think of are:
 
  * Slashcode (TT based, runs slashdot.org)
 
  * Bricolage (H::T, http://www.bricolage.cc/docs/Bric/HTMLTemplate.html,
CMS used by theregister.co.uk et al)
 
  * Request Tracker (excellent ticketing system, runs http://rt.cpan.org/,
home page is http://www.bestpractical.com/rt)
 
 Any of these can be downloaded & used freely. If you have the time for it,
 grab a copy of one or more and start playing around.
 
 Have fun :)
 
 
 

-- 
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]



Re: templating system opinions

2003-07-18 Thread Patrick Galbraith
The one thing about TT was that I don't know if I really liked how it 
had a different syntax than perl. Plus, as far as performance, we did 
some specific coding to make it faster for Slash so our templates would 
be in the DB.

On 18 Jul 2003, Mark Maunder wrote:

 Hey Peter,
 
 Template Toolkit rocks! (Sorry about the overt glee, but I am just
 finishing a project where it has been very good to me) Besides the
 complete separation that it gives you between presentation and back-end
 coding, it's super fast. I benchmarked a 2GHz server with 256 Megs of
 RAM using ab (Apache bench) with around 10 concurrent requests and a
 total of 10,000 requests and was able to handle over 40 hits per second
 on our most dynamic page which has lots of conditionals and loops and
 even does a few function calls like this [% IF sess.is_logged_in %]
 where 'sess' is a perl object. NOTE: Make sure you cache your template
 object in package globals or something like that, or you'll lose
 performance.
 
 I've written a couple of workable templating systems myself with good
 old $html =~ s///egs and a content handler (as a perl developer's rite of
 passage don't ya know) and I wouldn't recommend it because you end up
 with something non-standard, and are basically re-inventing template
 toolkit which seems to have become the standard in templating over the
 last coupla years.
 
 Old, but still useful benchmarks if you're interested:
 http://www.chamas.com/bench/
 
 mark.
 
 On Fri, 2003-07-18 at 13:26, Ken Y. Clark wrote:
  On Fri, 18 Jul 2003, Patrick Galbraith wrote:
  
   Date: Fri, 18 Jul 2003 14:25:32 -0700 (PDT)
   From: Patrick Galbraith [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Subject: templating system opinions
  
   Hi there,
  
   Just wondering what the best templating system is to use and/or learn.
  
   I've briefly read up on the pros and cons of each, and am just wondering
   which one is the most widely _used_ and best to learn if you're wanting to
   know something that there are jobs for.
  
   thanks ;)
  
  Search the guide:
  
  http://perl.apache.org/search/swish.cgi?query=templatesbm=submit=search
  
  ky
 

-- 
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]



Re: templating system opinions

2003-07-18 Thread Patrick Galbraith
TT was ok, but it did use a bunch of ram ;)

I gotta have something to counter PHP people with too ;)

On Fri, 18 Jul 2003, Chris Devers wrote:

 On Fri, 18 Jul 2003, Patrick Galbraith wrote:
 
  Yeah, I worked with TT when I was on the Slash team ;)
 
 Then why are you asking a question like this?? :)
 
 
 

-- 
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]



How do you set vars via interactive startup?

2003-07-16 Thread Patrick Galbraith
Hi there,

I'm trying to figure out how one would set vars via a startup.pl script or 
using PerlSections. I want to set a var on startup where I'll be prompted 
and a var that I can retrieve via $r->dir_config('FOO') will get me that 
value.

I've tried endless ideas, none of which are working.

The most promising is using PerlSections:

<Perl>
use Apache::PerlSections();

$Apache::Server::SaveConfig = 1;

if ($Apache::Server::Starting) {
    print "Enter some value you don't want written down: ";
    $mytmp::value = <STDIN>;
    chomp $mytmp::value;
} else {
    print "value = '$mytmp::value'\n";
    push @PerlSetVar, [Foo => $mytmp::value];
}

print STDERR Apache::PerlSections->dump();

</Perl>

This is listed on 
http://www.geocrawler.com/archives/3/182/2002/11/0/10255638/ and is an 
example by Stas Bekman. For me, it only works if I run a single httpd via 
-X (I set this in apachectl). It's something to do with the double start, 
which this example is supposed to overcome.

Other things I've tried are using HTTPD="/usr/sbin/httpd `moduleargs`
$OPTIONS -c $PERLSETVAR" where $PERLSETVAR is set via $2

apachectl start foopass

PERLSETVAR="PerlSetVar FOO $2"

But I'm not the best shell programmer, and somehow the shell program 
munges the PerlSetVar line. If I take the same output and run it via 
command line:

/usr/sbin/httpd -DHAVE_SETENVIF -DHAVE_CERN_META -DHAVE_EXPIRES 
-DHAVE_ACCESS -DHAVE_ASIS -DHAVE_NEGOTIATION -DHAVE_AUTH -DHAVE_IMAP 
-DHAVE_USERTRACK -DHAVE_INFO -DHAVE_SSL -DHAVE_AUTH_DBM -DHAVE_AUTH_DB 
-DHAVE_VHOST_ALIAS -DHAVE_ACTIONS -DHAVE_LOG_CONFIG -DHAVE_LOG_AGENT 
-DHAVE_MMAP_STATIC -DHAVE_PROXY -DHAVE_PERL -DHAVE_MIME_MAGIC 
-DHAVE_EXAMPLE -DHAVE_STATUS -DHAVE_PHP4 -DHAVE_LOG_REFERER -DHAVE_ALIAS 
-DHAVE_MIME -DHAVE_SPELING -DHAVE_AUTOINDEX -DHAVE_USERDIR 
-DHAVE_UNIQUE_ID -DHAVE_REWRITE -DHAVE_CGI -DHAVE_INCLUDE -DHAVE_DIR 
-DHAVE_ENV -DHAVE_AUTH_ANON -DHAVE_DIGEST -DHAVE_HEADERS  -c 'PerlSetVar 
PASS foo'

It works, but that's not a good solution.

I've tried things like a set method that sets a class variable of the 
handler I'm calling in startup.pl.. doesn't work.

So, I'm stumped. Any ideas? I'd be so grateful!

-- 
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]



Re: How do you set vars via interactive startup?

2003-07-16 Thread Patrick Galbraith
Yes, if I hardcode it, fine, but not via reading STDIN into a var, and 
then setting whatever to that var.

On 16 Jul 2003, Perrin Harkins wrote:

 On Wed, 2003-07-16 at 17:39, Patrick Galbraith wrote:
  I'm trying to figure out how one would set vars via a startup.pl script or 
  using PerlSections.
 
 Is there a reason you can't just put it in a global?  The dir_config()
 stuff is really for when you want to config something specific to a
 directory or virtual host.
 
  I've tried things like a set method that sets a class variable of the 
  handler I'm calling in startup.pl.. doesn't work.
 
 Something like this doesn't work?
 
 $Some::Package::Foo = 7;
 
 - Perrin
 

-- 
Patrick Galbraith
Senior Software Developer
[EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]