author | ville <ville@localhost> | 2005-01-15 15:20:39 +0000 |
---|---|---|
committer | ville <ville@localhost> | 2005-01-15 15:20:39 +0000 |
commit | 99966e2db01a11d70046eafe2e944150a82e4edc (patch) | |
tree | 7561a2eec1db0020981eaec36c2fa0704a46c738 | |
parent | ee6eef7c4b5f839ea3407e4c5a98fe7eacbba5c1 (diff) | |
Move more HTML escaping to templates.
-rw-r--r-- | htdocs/config/tips.cfg | 6 | ||||
-rwxr-xr-x | httpd/cgi-bin/check | 50 | ||||
-rw-r--r-- | share/templates/en_US/feedback.tmpl | 4 | ||||
-rw-r--r-- | share/templates/en_US/invalid.tmpl | 12 | ||||
-rw-r--r-- | share/templates/en_US/opt_show_source.tmpl | 2 | ||||
-rw-r--r-- | share/templates/en_US/table.tmpl | 26 | ||||
-rw-r--r-- | share/templates/en_US/tip.tmpl | 2 | ||||
-rw-r--r-- | share/templates/en_US/valid.tmpl | 39 |
8 files changed, 69 insertions, 72 deletions
diff --git a/htdocs/config/tips.cfg b/htdocs/config/tips.cfg index 88e67db..dbe0e42 100644 --- a/htdocs/config/tips.cfg +++ b/htdocs/config/tips.cfg @@ -3,9 +3,11 @@ # # Each key is a URL and the value is the text that should be displayed as # the link to it. Will appear in Validation Results pages. To disable -# just comment out or delete all lines in this file. +# just comment out or delete all lines in this file. The URL should be a +# properly escaped URI (not HTML escaped), and the value is included as-is +# in the markup. # -# $Id: tips.cfg,v 1.10 2004-08-03 06:17:35 ot Exp $ +# $Id: tips.cfg,v 1.11 2005-01-15 15:20:39 ville Exp $ # http://www.w3.org/QA/Tips/good-titles = <strong><title></strong>: the most important element of a quality Web page. diff --git a/httpd/cgi-bin/check b/httpd/cgi-bin/check index 9361b0f..34c05e0 100755 --- a/httpd/cgi-bin/check +++ b/httpd/cgi-bin/check @@ -9,7 +9,7 @@ # This source code is available under the license at: # http://www.w3.org/Consortium/Legal/copyright-software # -# $Id: check,v 1.372 2005-01-09 20:40:33 ville Exp $ +# $Id: check,v 1.373 2005-01-15 15:20:39 ville Exp $ # # Disable buffering on STDOUT! @@ -222,7 +222,7 @@ Directory not readable (permission denied): @_r # # Strings - $VERSION = q$Revision: 1.372 $; + $VERSION = q$Revision: 1.373 $; $VERSION =~ s/Revision: ([\d\.]+) /$1/; # @@ -303,6 +303,7 @@ my $T = HTML::Template->new( filename => File::Spec->catfile($CFG->{Paths}->{Templates}, $lang, 'result.tmpl'), die_on_bad_params => FALSE, + loop_context_vars => TRUE, ); my $E = HTML::Template->new( filename => File::Spec->catfile($CFG->{Paths}->{Templates}, 
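Review bot: The `$T` constructor in the `@@ -303,6` hunk loads `result.tmpl` from a per-`$lang` directory, but the template changes in this commit touch only `share/templates/en_US/`. Since the same commit stops escaping values in `check`, the templates of any other language (if such directories exist) would emit those values raw until they carry the same `ESCAPE="HTML"` attributes. `loop_context_vars => TRUE` is also set only on `$T`; if `opt_show_source.tmpl` is ever rendered through `$E` or another template object, `__counter__` would not be populated and the `line-N` ids would be lost. A comment above the added line would record the dependency: `# opt_show_source.tmpl uses __counter__ for the line-N ids`.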
@@ -415,15 +416,15 @@ if ($File->{Charset}->{HTTP}) { # HTTP, if given, is authoritative. $File->{Charset}->{Use} = 'us-ascii'; my @_source; if ($File->{'Is Upload'}) { - @_source = ('sent by your web browser', ($File->{Server}||'unknown'), 'browser send'); + @_source = ('sent by your web browser', &ent($File->{Server}||'unknown'), 'browser send'); } else { - @_source = ('returned by your web server', ($File->{Server}||'unknown'), 'server return'); + @_source = ('returned by your web server', &ent($File->{Server}||'unknown'), 'server return'); } + my $ct = &ent($File->{ContentType}); &add_warning($File, 'note', 'Note:', <<".EOF."); The HTTP Content-Type header $_source[0] ($_source[1]) did not contain a "charset" parameter, but the Content-Type was one of the XML text/* - sub-types (<code>$File->{ContentType}</code>). The relevant - specification + sub-types (<code>$ct</code>). The relevant specification (<a href="http://www.ietf.org/rfc/rfc3023.txt">RFC 3023</a>) specifies a strong default of "us-ascii" for such documents so we will use this value regardless of any encoding you 
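Review bot: The warning text built in this heredoc is still emitted as raw HTML, because `invalid.tmpl` and `valid.tmpl` keep `<TMPL_VAR NAME="Message">` without an ESCAPE attribute, so after this commit it is the one place where escaping remains the caller's job and nothing in the code says so. The two interpolated values visible here (`$_source[1]` and `$ct`) are now passed through `&ent`, which is correct. A comment before the `add_warning` call would keep later edits from interpolating a raw `$File->{...}` field: `# Message is inserted into the page unescaped; ent() every interpolated value.` The heredoc continues past the end of the hunk, so any interpolation further down is not visible here.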
@@ -695,15 +696,15 @@ sub parse (\$) { # # Set debug info for HTML report. $T->param(opt_debug => $DEBUG); - $T->param( - debug => [ - {name => 'Command', value => &ent("@cmd")}, - {name => 'SP_CHARSET_FIXED', value => &ent($ENV{SP_CHARSET_FIXED})}, - {name => 'SP_ENCODING', value => &ent($ENV{SP_ENCODING})}, - {name => 'SP_BCTF', value => &ent($ENV{SP_BCTF})}, - {name => 'Content-Encoding', value => &ent($File->{ContentEnc})}, - {name => 'Transfer-Encoding',value => &ent($File->{TransferEnc})}, - ], + $T->param(debug => + [ + {name => 'Command', value => "@cmd"}, + {name => 'SP_CHARSET_FIXED', value => $ENV{SP_CHARSET_FIXED}}, + {name => 'SP_ENCODING', value => $ENV{SP_ENCODING}}, + {name => 'SP_BCTF', value => $ENV{SP_BCTF}}, + {name => 'Content-Encoding', value => $File->{ContentEnc}}, + {name => 'Transfer-Encoding', value => $File->{TransferEnc}}, + ], ); #FIXME: This needs a UI and testing! @@ -836,8 +837,6 @@ if (&is_xml($File) and not $File->{DOCTYPE}) { # Get the pretty text version of the FPI if a mapping exists. if (my $prettyver = $CFG->{Types}->{$File->{Version}}->{Display}) { $File->{Version} = $prettyver; -} else { - $File->{Version} = &ent($File->{Version}); } # @@ -937,7 +936,7 @@ sub prep_template ($$) { # # The URI... - $T->param(file_uri => &ent($File->{URI})); + $T->param(file_uri => $File->{URI}); $T->param(file_uri_param => uri_escape($File->{URI})); # @@ -965,7 +964,7 @@ sub prep_template ($$) { # # Namespaces... - $T->param(file_namespace => &ent($File->{Namespace})); + $T->param(file_namespace => $File->{Namespace}); # $T->param(file_namespaces => $File->{Namespaces}) # if $File->{Namespaces}; } 
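Review bot: Removing the `else { $File->{Version} = &ent(...) }` branch in the `@@ -836,8` hunk changes `$File->{Version}` from pre-escaped to raw, and the same contract change applies to `$File->{URI}` and `$File->{Namespace}` in `prep_template` and to `$File->{Server}` in `handle_uri` and `handle_file`. The en_US templates in this commit add the matching `ESCAPE="HTML"`, but any reader of these fields that is not in the diff (other output formats, warning heredocs) now receives unescaped, remotely supplied text and has to call `&ent` itself. In the other direction, a `Display` value from `$CFG->{Types}` that contains entities or markup would now be escaped a second time by the template, which is worth checking against the config. A comment where `$File` is populated would state the rule: `# $File fields hold raw values; escape at output (ESCAPE="HTML" in templates, ent() elsewhere).`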
@@ -1255,7 +1254,7 @@ sub handle_uri { $File->{TransferEnc} = $res->header('Client-Transfer-Encoding'); $File->{Charset}->{HTTP} = lc $charset; $File->{Modified} = $lastmod; - $File->{Server} = &ent(scalar $res->server); + $File->{Server} = scalar $res->server; $File->{Size} = scalar $res->content_length; $File->{URI} = scalar $res->request->uri->canonical; $File->{'Is Upload'} = FALSE; @@ -1284,7 +1283,7 @@ sub handle_file { $File->{ContentType} = $ct; $File->{Charset}->{HTTP} = lc $charset; $File->{Modified} = $h->{'Last-Modified'}; - $File->{Server} = &ent($h->{'User-Agent'}); # Fake a "server". :-) + $File->{Server} = $h->{'User-Agent'}; # Fake a "server". :-) $File->{Size} = $h->{'Content-Length'}; $File->{URI} = "$f"; # Need to stringify because we want ref # to return false later in add_table. This @@ -1865,17 +1864,12 @@ sub outline { # Create a HTML representation of the document. sub source { my $File = shift; - my $line = 1; - my @source = (); # Remove any BOM since we're not at BOT anymore... $File->{Content}->[0] = substr $File->{Content}->[0], ($File->{BOM} ? 3 : 0); # remove BOM - for (@{$File->{Content}}) { - push @source, {file_source_i => $line, file_source_line => ent $_}; - $line++; - } + my @source = map({file_source_line => $_}, @{$File->{Content}}); return \@source; } @@ -2500,7 +2494,7 @@ X-W3C-Validator-Errors: $errs <meta> <uri>), &ent($File->{URI}), qq(</uri> <modified>), &ent($File->{Modified}), qq(</modified> - <server>), $File->{Server}, qq(</server> + <server>), &ent($File->{Server}), qq(</server> <size>), &ent($File->{Size}), qq(</size> <encoding>), &ent($File->{Charset}->{Use}), qq(</encoding> <doctype>), &ent($File->{DOCTYPE}), qq(</doctype> diff --git a/share/templates/en_US/feedback.tmpl b/share/templates/en_US/feedback.tmpl index d003b8f..fafaf8a 100644 --- a/share/templates/en_US/feedback.tmpl +++ b/share/templates/en_US/feedback.tmpl 
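Review bot: The comment above `sub source` in the `@@ -1865,17` hunk still says it creates an HTML representation of the document, but the new body returns the raw lines and depends on `opt_show_source.tmpl` applying `ESCAPE="HTML"` to `file_source_line`. The comment should say so, e.g. `# Return the document's lines, unescaped, for the file_source loop; the template escapes them.` The `map({file_source_line => $_}, ...)` form also relies on perl guessing that `{` opens an anonymous hash rather than a block; `map { +{ file_source_line => $_ } } @{$File->{Content}}` makes that explicit.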
@@ -23,9 +23,9 @@ <TMPL_IF NAME="errmsg_id"> - <p>You are sending feedback on error message [<TMPL_VAR NAME="errmsg_id">]: "<TMPL_VAR NAME="explanation">".</p> + <p>You are sending feedback on error message [<TMPL_VAR NAME="errmsg_id" ESCAPE="HTML">]: "<TMPL_VAR NAME="explanation" ESCAPE="HTML">".</p> <p>Before you send this message, we encourage you to - <a href="http://www.w3.org/Search/Mail/Public/search?type-index=www-validator&index-type=t&keywords=%5BVE%5D%5B<TMPL_VAR NAME="errmsg_id">%5D&search=Search">search the archives for existing messages</a> on this error + <a href="http://www.w3.org/Search/Mail/Public/search?type-index=www-validator&index-type=t&keywords=%5BVE%5D%5B<TMPL_VAR NAME="errmsg_id" ESCAPE="URL">%5D&search=Search">search the archives for existing messages</a> on this error in case your feedback has already been sent, or answers to your query have already been given. </p> <TMPL_ELSE> diff --git a/share/templates/en_US/invalid.tmpl b/share/templates/en_US/invalid.tmpl index 8b89904..6e12878 100644 --- a/share/templates/en_US/invalid.tmpl +++ b/share/templates/en_US/invalid.tmpl @@ -1,9 +1,9 @@ <div id="result"> - <h2 id="results" class="invalid">This page is <strong>not</strong> Valid <TMPL_VAR NAME="file_version">!</h2> + <h2 id="results" class="invalid">This page is <strong>not</strong> Valid <TMPL_VAR NAME="file_version" ESCAPE="HTML">!</h2> <TMPL_IF NAME="file_warnings"> <dl id="warnings"> <TMPL_LOOP NAME="file_warnings"> - <dt><TMPL_VAR NAME="Title"></dt> + <dt><TMPL_VAR NAME="Title" ESCAPE="HTML"></dt> <dd> <TMPL_VAR NAME="Message"> </dd> 
@@ -25,10 +25,10 @@ <ol> <TMPL_LOOP NAME="file_errors"> <li> - <em>Line <a href="#line-<TMPL_VAR NAME="line">"><TMPL_VAR NAME="line"></a>, - column <TMPL_VAR NAME="char"></em>: - <span class="msg"><TMPL_VAR NAME="msg"></span> -<TMPL_IF NAME="uri">(<a href="<TMPL_VAR NAME="uri">">explain...</a>)</TMPL_IF>. + <em>Line <a href="#line-<TMPL_VAR NAME="line" ESCAPE="HTML">"><TMPL_VAR NAME="line" ESCAPE="HTML"></a>, + column <TMPL_VAR NAME="char" ESCAPE="HTML"></em>: + <span class="msg"><TMPL_VAR NAME="msg" ESCAPE="HTML"></span> +<TMPL_IF NAME="uri">(<a href="<TMPL_VAR NAME="uri" ESCAPE="HTML">">explain...</a>)</TMPL_IF>. <pre><code class="input"><TMPL_VAR NAME="src"></code></pre> <TMPL_IF NAME="expl"><TMPL_VAR NAME="expl"></TMPL_IF> </li> diff --git a/share/templates/en_US/opt_show_source.tmpl b/share/templates/en_US/opt_show_source.tmpl index c4d3cf3..502f71d 100644 --- a/share/templates/en_US/opt_show_source.tmpl +++ b/share/templates/en_US/opt_show_source.tmpl @@ -4,7 +4,7 @@ <p>Below is the source input I used for this validation:</p> <ol class="source"> <TMPL_LOOP NAME="file_source"> - <li id="line-<TMPL_VAR NAME="file_source_i">"><TMPL_VAR NAME="file_source_line"></li> + <li id="line-<TMPL_VAR NAME="__counter__">"><TMPL_VAR NAME="file_source_line" ESCAPE="HTML"></li> </TMPL_LOOP> </ol> </div> diff --git a/share/templates/en_US/table.tmpl b/share/templates/en_US/table.tmpl index 77da71a..3470b81 100644 --- a/share/templates/en_US/table.tmpl +++ b/share/templates/en_US/table.tmpl 
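Review bot: Inside the `file_errors` loop, `src` and `expl` are still emitted without an ESCAPE attribute while `line`, `char`, `msg` and `uri` gain one. `src` looks like an excerpt of the document being validated, so the page stays safe only as long as the code that builds it escapes the excerpt before adding its own markup; that code is not part of this diff and should be confirmed. The same check applies to `msg` in the other direction: if `check` still runs it through `&ent`, the new `ESCAPE="HTML"` will double-escape it.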
@@ -3,31 +3,31 @@ <table class="header"> <tr> <TMPL_IF NAME="is_upload"> - <th>File:</th><td colspan="2"><TMPL_VAR NAME="file_uri"></td> + <th>File:</th><td colspan="2"><TMPL_VAR NAME="file_uri" ESCAPE="HTML"></td> <TMPL_ELSE> <th><label title="Address of Page to Validate (accesskey: 1)" for="uri">Address</label>:</th> - <td colspan="2"><input accesskey="1" type="text" id="uri" name="uri" value="<TMPL_VAR NAME="file_uri">" /></td> + <td colspan="2"><input accesskey="1" type="text" id="uri" name="uri" value="<TMPL_VAR NAME="file_uri" ESCAPE="HTML">" /></td> </TMPL_IF> </tr> <TMPL_IF NAME="opt_verbose"> - <tr><th>Modified:</th><td colspan="2"><TMPL_VAR NAME="file_modified"></td></tr> - <tr><th>Server:</th><td colspan="2"><TMPL_VAR NAME="file_server"></td></tr> - <tr><th>Size:</th><td colspan="2"><TMPL_VAR NAME="file_size"></td></tr> - <tr><th>Content-Type:</th><td colspan="2"><TMPL_VAR NAME="file_contenttype"></td></tr> + <tr><th>Modified:</th><td colspan="2"><TMPL_VAR NAME="file_modified" ESCAPE="HTML"></td></tr> + <tr><th>Server:</th><td colspan="2"><TMPL_VAR NAME="file_server" ESCAPE="HTML"></td></tr> + <tr><th>Size:</th><td colspan="2"><TMPL_VAR NAME="file_size" ESCAPE="HTML"></td></tr> + <tr><th>Content-Type:</th><td colspan="2"><TMPL_VAR NAME="file_contenttype" ESCAPE="HTML"></td></tr> </TMPL_IF> <TMPL_IF NAME="opt_debug"> <TMPL_LOOP NAME="debug"> - <tr><th><TMPL_VAR NAME="name">:</th><td colspan="2"><TMPL_VAR NAME="value"></td></tr> + <tr><th><TMPL_VAR NAME="name" ESCAPE="HTML">:</th><td colspan="2"><TMPL_VAR NAME="value" ESCAPE="HTML"></td></tr> </TMPL_LOOP> </TMPL_IF> <TMPL_IF NAME="is_upload"> - <tr><th>Encoding:</th><td colspan="2"><TMPL_VAR NAME="file_charset"></td></tr> - <tr><th>Doctype:</th><td colspan="2"><TMPL_VAR NAME="file_version"></td></tr> + <tr><th>Encoding:</th><td colspan="2"><TMPL_VAR NAME="file_charset" ESCAPE="HTML"></td></tr> + <tr><th>Doctype:</th><td colspan="2"><TMPL_VAR NAME="file_version" ESCAPE="HTML"></td></tr> <TMPL_ELSE> <TMPL_IF 
NAME="file_charset"> <tr> <th><label accesskey="2" title="Character Encoding (accesskey: 2)" for="charset">Encoding</label>:</th> - <td><TMPL_VAR NAME="file_charset"></td><td><TMPL_INCLUDE NAME="popup_charset.tmpl"></td> + <td><TMPL_VAR NAME="file_charset" ESCAPE="HTML"></td><td><TMPL_INCLUDE NAME="popup_charset.tmpl"></td> </tr> <TMPL_ELSE> <tr><th>Encoding:</th><td colspan="2"><TMPL_INCLUDE NAME="popup_charset.tmpl"></td></tr> @@ -35,7 +35,7 @@ <TMPL_IF NAME="file_version"> <tr> <th><label accesskey="3" for="doctype" title="Document Type (accesskey: 3)">Doctype</label>:</th> - <td><TMPL_VAR NAME="file_version"></td><td><TMPL_INCLUDE NAME="popup_doctype.tmpl"></td> + <td><TMPL_VAR NAME="file_version" ESCAPE="HTML"></td><td><TMPL_INCLUDE NAME="popup_doctype.tmpl"></td> </tr> <TMPL_ELSE> <tr><th>Doctype:</th><td colspan="2"><TMPL_INCLUDE NAME="popup_doctype.tmpl"></td></tr> @@ -44,7 +44,7 @@ <TMPL_IF NAME="file_namespace"> <tr> <th>Root Namespace:</th> - <td colspan="2"><a href="<TMPL_VAR NAME="file_namespace">"><TMPL_VAR NAME="file_namespace"></a></td> + <td colspan="2"><a href="<TMPL_VAR NAME="file_namespace" ESCAPE="HTML">"><TMPL_VAR NAME="file_namespace" ESCAPE="HTML"></a></td> </tr> </TMPL_IF> <TMPL_IF NAME="file_namespaces"> @@ -52,7 +52,7 @@ <th>Other Namespaces</th> <td colspan="2"> <ul> - <TMPL_LOOP NAME="file_namespaces"><li><a href="<TMPL_VAR NAME="uri">"><TMPL_VAR NAME="uri"></a></li></TMPL_LOOP> + <TMPL_LOOP NAME="file_namespaces"><li><a href="<TMPL_VAR NAME="uri" ESCAPE="HTML">"><TMPL_VAR NAME="uri" ESCAPE="HTML"></a></li></TMPL_LOOP> </ul> </td> </tr> diff --git a/share/templates/en_US/tip.tmpl b/share/templates/en_US/tip.tmpl index 321855b..3a349da 100644 --- a/share/templates/en_US/tip.tmpl +++ b/share/templates/en_US/tip.tmpl 
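Review bot: `ESCAPE="HTML"` on `file_namespace` in the `@@ -44,7` hunk keeps the value from breaking out of the `href` attribute, but it does not constrain the URI scheme, so a namespace that presumably comes from the validated document becomes a clickable link whatever scheme it names. The same applies to `uri` in the `file_namespaces` loop (`@@ -52,7`) and to the `file_uri` link in `valid.tmpl`. `check` should decide whether the value is linkable, for instance by passing a link flag to the template only when the value matches `m{\Ahttps?://}i`, and the template should print the value as plain text otherwise.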
@@ -1,4 +1,4 @@ <dl class="tip"> <dt><a href="http://www.w3.org/2001/06tips/">Tip Of The Day</a>:</dt> - <dd><a href="<TMPL_VAR NAME="tip_uri">"><TMPL_VAR NAME="tip_slug"></a></dd> + <dd><a href="<TMPL_VAR NAME="tip_uri" ESCAPE="HTML">"><TMPL_VAR NAME="tip_slug"></a></dd> </dl> diff --git a/share/templates/en_US/valid.tmpl b/share/templates/en_US/valid.tmpl index 24fe6c5..0c66c37 100644 --- a/share/templates/en_US/valid.tmpl +++ b/share/templates/en_US/valid.tmpl @@ -1,17 +1,17 @@ <div id="result"> <TMPL_IF NAME="is_tentative"> - <h2 class="valid">This Page Is <em>Tentatively</em> Valid <TMPL_VAR NAME="file_version"> (Tentatively Valid)!</h2> + <h2 class="valid">This Page Is <em>Tentatively</em> Valid <TMPL_VAR NAME="file_version" ESCAPE="HTML"> (Tentatively Valid)!</h2> <TMPL_ELSE> - <h2 class="valid">This Page Is Valid <TMPL_VAR NAME="file_version">!</h2> + <h2 class="valid">This Page Is Valid <TMPL_VAR NAME="file_version" ESCAPE="HTML">!</h2> </TMPL_IF> <dl class="tip"> <dt><a href="http://www.w3.org/2001/06tips/">Tip Of The Day</a>:</dt> - <dd><a href="<TMPL_VAR NAME="tip_uri">"><TMPL_VAR NAME="tip_slug"></a></dd> + <dd><a href="<TMPL_VAR NAME="tip_uri" ESCAPE="HTML">"><TMPL_VAR NAME="tip_slug"></a></dd> </dl> <TMPL_IF NAME="file_warnings"> <dl id="warnings"> <TMPL_LOOP NAME="file_warnings"> - <dt><TMPL_VAR NAME="Title"></dt> + <dt><TMPL_VAR NAME="Title" ESCAPE="HTML"></dt> <dd> <TMPL_VAR NAME="Message"> </dd> 
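Review bot: The `<dl class="tip">` block in `valid.tmpl` is a copy of `tip.tmpl`, so the `ESCAPE="HTML"` on `tip_uri` had to be added in both files. `table.tmpl` already pulls shared fragments in with `<TMPL_INCLUDE NAME="popup_charset.tmpl">`; replacing the copy with `<TMPL_INCLUDE NAME="tip.tmpl">` would keep future escaping changes in one place. `tip_slug` stays unescaped in both, which matches the new `tips.cfg` comment that the value is included as-is, so that file has to remain writable only by trusted maintainers.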
@@ -20,23 +20,24 @@ </TMPL_IF> <p> <TMPL_IF NAME="is_upload"> - The uploaded document "<TMPL_VAR NAME="file_uri">" + The uploaded document "<TMPL_VAR NAME="file_uri" ESCAPE="HTML">" <TMPL_ELSE> The document located at - <<a href="<TMPL_VAR NAME="file_uri">"><TMPL_VAR NAME="file_uri"></a>> + <<a href="<TMPL_VAR NAME="file_uri" ESCAPE="HTML">"><TMPL_VAR NAME="file_uri" ESCAPE="HTML"></a>> </TMPL_IF> - was checked and found to be valid <TMPL_VAR NAME="file_version">. - This means that the resource in question identified itself as - "<TMPL_VAR NAME="file_version">" and that we successfully performed a - formal validation using an SGML or XML Parser (depending on the - markup language used). + was checked and found to be valid + <TMPL_VAR NAME="file_version" ESCAPE="HTML">. This means that the + resource in question identified itself as + "<TMPL_VAR NAME="file_version" ESCAPE="HTML">" and that we successfully + performed a formal validation using an SGML or XML Parser (depending on + the markup language used). </p> <TMPL_IF NAME="have_badge"> <p> <img class="inline-badge" - src="<TMPL_VAR NAME="badge_uri">" - alt="<TMPL_VAR NAME="badge_alt">" + src="<TMPL_VAR NAME="badge_uri" ESCAPE="HTML">" + alt="<TMPL_VAR NAME="badge_alt" ESCAPE="HTML">" <TMPL_VAR NAME="badge_gifhw"> /> To show your readers that you have taken the care to create an interoperable Web page, you may display this icon on any page 
@@ -45,15 +46,15 @@ </p> <pre> <p> - <a href="<TMPL_VAR NAME="cfg_home_page">/check/referer"><img - src="<TMPL_VAR NAME="badge_uri">" - alt="<TMPL_VAR NAME="badge_alt">"<TMPL_VAR NAME="badge_gifhw"><TMPL_VAR NAME="badge_xhtml">></a> + <a href="<TMPL_VAR NAME="cfg_home_page" ESCAPE="HTML">/check/referer"><img + src="<TMPL_VAR NAME="badge_uri" ESCAPE="HTML">" + alt="<TMPL_VAR NAME="badge_alt" ESCAPE="HTML">"<TMPL_VAR NAME="badge_gifhw"><TMPL_VAR NAME="badge_xhtml">></a> </p> </pre> <p> If you like, you can download a copy of this image (in - <a href="<TMPL_VAR NAME="badge_uri">.png">PNG</a> or - <a href="<TMPL_VAR NAME="badge_uri">.gif">GIF</a> + <a href="<TMPL_VAR NAME="badge_uri" ESCAPE="HTML">.png">PNG</a> or + <a href="<TMPL_VAR NAME="badge_uri" ESCAPE="HTML">.gif">GIF</a> format) to keep in your local web directory, and change the HTML fragment above to reference your local image rather than the one on this server. </p> @@ -76,7 +77,7 @@ If you would like to create a link to <em>this</em> page (i.e., this validation result) to make it easier to revalidate this page in the future or to allow others to validate your page, the URI is - <<a href="<TMPL_VAR NAME="file_thispage">"><TMPL_VAR NAME="file_thispage"></a>> + <<a href="<TMPL_VAR NAME="file_thispage" ESCAPE="HTML">"><TMPL_VAR NAME="file_thispage" ESCAPE="HTML"></a>> (or you can just add the current page to your bookmarks or hotlist). </p> </TMPL_UNLESS> |