[pmwiki-devel] More ZAP syntax, notation...
The Editor
editor at fast.st
Thu Mar 22 13:53:45 CDT 2007
Almost done with updating how ZAP encodes data. Now that the code is
otherwise much cleaner, I'm finding there's less to worry about
escaping, etc., here as well.
Now I can submit a directive into an input field, escape it, save it
in a hidden input field, and restore it by using the (:keep :)
directive in ZAP. This makes it easy to put whole ZAP forms, or
whatever, into input fields. I'm also closing an obscure potential bug
in the if/validate command...
My solution is to escape (: :) as ( : and : ) (extra spaces). The
display is off a bit, but when you edit the page it looks better than
using some strange hex number. Doing this helps prevent the hidden input
fields from breaking.
Surround that text var with (:keep:) and the extra spaces are removed,
and the directive executed. As you must be able to edit a page to use
(:keep:), it should not admit any security concerns.
Also, if you enter {( )} with a directive and/or parameters, and that
list is in the ZAPdirectives list, (like phplist) it will
automatically be executed as a regular PmWiki directive, which gives a
way for users to enter specified directives without having edit
privileges.
Otherwise, all other encoding changes used to produce ZAP's old magic
boxes are now replaced with a dependence on Han's LiteralWhiteSpace.
So what you enter is what you save, and what you output. Much
simpler and more straightforward.
It won't break any old forms or comments, etc., but some may display a
bit differently. I may try and work a bit of extra downward
compatibility into ZAP to resolve some of that, but the problems are
quite minimal, and I'm trying to get the code cleaner, not messier.
Any thoughts?
Cheers,
Dan
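
The escape, restore and allow-list behaviour described in the message above, sketched in PHP as an added example; it is not part of the original post and not ZAP's own code. The function names are hypothetical, and the `$allowed` array and sample strings are constructed stand-ins (the real list is the ZAPdirectives list).

```php
<?php
// Added illustration, not ZAP's implementation. Function names are hypothetical.

// Neutralize directive delimiters so submitted text cannot open or close
// a directive while it sits inside a hidden input field.
function zap_escape(string $text): string {
    return str_replace(['(:', ':)'], ['( :', ': )'], $text);
}

// What (:keep:) is described as doing: remove the extra spaces again.
// Caveat: this cannot tell an escaped delimiter from a "( :" or ": )"
// that was typed literally, so both come back as live delimiters.
function zap_restore(string $text): string {
    return str_replace(['( :', ': )'], ['(:', ':)'], $text);
}

// Turn {(name args)} into (:name args:) only when the name is allow-listed.
// The argument pattern excludes parentheses and braces, so the arguments
// cannot open or close a second directive.
function zap_expand_allowed(string $text, array $allowed): string {
    return preg_replace_callback(
        '/\{\(\s*([A-Za-z][\w-]*)\b([^(){}]*)\)\}/',
        function (array $m) use ($allowed): string {
            $name = strtolower($m[1]);
            if (!in_array($name, $allowed, true)) {
                return $m[0];   // not listed: left as inert text
            }
            return '(:' . $name . $m[2] . ':)';
        },
        $text
    );
}

$allowed = ['phplist'];   // constructed stand-in for the ZAPdirectives list

// Constructed submission from a user without edit privileges.
$submitted = 'Hi (:include Some.Page:) {(phplist list=news)} {(include Some.Page)}';

// Escape first, then expand: only the allow-listed form becomes a directive.
$stored = zap_expand_allowed(zap_escape($submitted), $allowed);
echo $stored, "\n";

// Round trip through the restore step, as (:keep:) would apply it.
echo zap_restore(zap_escape('(:input text name:)')), "\n";

// Literal text with the same spacing is also rewritten on restore.
echo zap_restore('typed by hand: ( :include Some.Page: )'), "\n";
```

The last line shows why the restore step should only be applied to fields whose stored content is trusted by whoever places the (:keep:) markup on the page.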