Re: WebSec 1.9.0 released

Sat, 21 Jan 2006 21:13:35 -0800 

Baruch Even wrote:

http://www.aomci.org/cgi-bin/adshow.pl?PERPAGE=200&OFFSET=1


The diff is done with webdiff, which is part of websec. If you can dig
into it and fix the issue it would be great.

I don't have much time to go deep into websec, so I mostly add patches
from the (few) users.



  From a quick analysis, it seems to be a problem with the <PRE> tag. 
Which is admittedly seldom used anymore.


  The original text is something like:

<PRE>

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Nullam neque 
ipsum, interdum eu, suscipit et, faucibus interdum, massa. Nam cursus 
fermentum pede. Phasellus faucibus suscipit magna. Pellentesque neque 
elit, rhoncus nec, fermentum ut, rhoncus eu, mi.

</PRE>


  So the carriage returns would normally appear in the output and it 
wouldn't be all one line.


  After webdiff, it becomes something like:

<PRE>
<SPAN ...>

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Nullam neque 
ipsum, interdum eu, suscipit et, faucibus interdum, massa. Nam cursus 
fermentum pede. Phasellus faucibus suscipit magna. Pellentesque neque 
elit, rhoncus nec, fermentum ut, rhoncus eu, mi.

</SPAN>
</PRE>


  ...so the SPAN overrides the PRE and is treated as one giant line and 
comes out as a page that is several screens wide.


  Two solutions spring to mind...


  One would be to, when inside <PRE> blocks, replace \n with <BR>\n. 
This would probably be a workable solution. For additional mangling, 
consider replacing <PRE></PRE> with a <FONT></FONT> tag that sets a 
monospace font.



  An easier one might be to just dispose of <PRE> and </PRE> tags 
entirely, just clean them out of the HTML. This would certainly be a lot 
easier and probably harmless for many purposes.



  However, the last case scares me a little because one place you see a 
lot of <PRE> tags are sites that have source code on them. The source 
code would be fairly mangled if you allowed the browser to suggest the 
line breaks. It would fix this site, but perhaps break others.


--
Trevor Boicey, P. Eng.
Ottawa, Canada, [EMAIL PROTECTED]
ICQ #17432933 http://www.brit.ca/~tboicey/


_______________________________________________
WebSec-users mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/websec-users






















					Reply via email to