[pmwiki-users] How to prevent text from being parsed?
Patrick R. Michaud
pmichaud at pobox.com
Fri Jan 20 08:14:21 CST 2006
On Fri, Jan 20, 2006 at 02:22:00PM +0100, Musikschule Bernsbach / Schwarzenberg (Webmaster) wrote:
> Hi...
>
> In the cookbooks and in the mailing list archives
> I haven't found anything that can help me.
>
> I want some content NOT being parsed and translated
> in the PmWiki way, but written directly to the browser.
>
> The idea is to define a directive, whose inner text is
> the direct output:
>
> (:html:)
> <hr />
> <script language="JavaScript">alert("Works!");</script>
> (:htmlend:)
>
> When I create the markup
>   Markup(
>     "html",
>     "directives",
>     "/\\(:html:\\)(.*?)\\(:htmlend:\\)/",
>     "Keep('$1')"
>   );
> the contents are translated to text output (<hr />).
>
> Can someone help please?
Try:

    # turn the escaped &lt; &gt; &amp; back into raw characters before Keep()
    Markup(
      'html',
      'fulltext',
      '/\\(:html:\\)(.*?)\\(:htmlend:\\)/esi',
      "Keep(str_replace(array('&lt;', '&gt;', '&amp;'),
                        array('<', '>', '&'), PSS('$1')))");

Keep in mind that this opens up the site to all sorts of cross-site
scripting vulnerabilities if editing the page isn't protected
somehow.

A couple of notes on the above:

- The rule has to be done on "fulltext" instead of directives in order
  to match things spanning multiple lines, and there has to be a /s
  on the pattern to allow the '.' to match a newline
- the PSS('$1') is needed so that quotes are properly unescaped

Hope this helps,

Pm
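
The two notes and the cross-site scripting caveat in the reply above, as an added stand-alone PHP example that is not part of the original message and does not use PmWiki's own API. The names render_page(), escape_page() and $editProtected are assumptions, and htmlspecialchars() stands in for the escaping PmWiki applies to page text before markup rules run.

```php
<?php
// Added illustration, not PmWiki code: a stand-alone model of the rule above.
// escape_page(), render_page() and $editProtected are hypothetical names.

// Model of the escaping applied to page text before any markup rule runs.
function escape_page(string $src): string {
    return htmlspecialchars($src, ENT_NOQUOTES);
}

function render_page(string $src, bool $editProtected, string $flags = 'si'): string {
    $text = escape_page($src);
    $pattern = '/\(:html:\)(.*?)\(:htmlend:\)/' . $flags;
    return preg_replace_callback($pattern, function (array $m) use ($editProtected) {
        if (!$editProtected) {
            // Anyone can edit this page: keep the body escaped so it renders as inert text.
            return $m[1];
        }
        // Only trusted editors: undo the escaping so the HTML reaches the browser.
        // &amp; is replaced last so "&amp;lt;" is not decoded twice.
        return str_replace(array('&lt;', '&gt;', '&amp;'), array('<', '>', '&'), $m[1]);
    }, $text);
}

// Constructed sample page: the directive spans several lines, as in the question.
$page = "intro\n(:html:)\n<hr />\n<script>alert(\"Works!\");</script>\n(:htmlend:)\noutro";

// Edit-protected page, /si: the raw <hr /> and <script> are emitted.
echo "--- protected page, /si ---\n", render_page($page, true), "\n";

// Open page, /si: the directive is consumed but its body stays as &lt;...&gt; text.
echo "--- open page, /si ---\n", render_page($page, false), "\n";

// No /s: '.' cannot cross the newlines, the rule never matches, everything stays escaped.
echo "--- protected page, /i only ---\n", render_page($page, true, 'i'), "\n";
```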