Re: PHP functions to convert markup efficiently [message #183880 is a reply to message #183879]
Sat, 23 November 2013 22:07
James Harris
"Richard Yates" <richard(at)yatesguitar(dot)com> wrote in message
news:co6299tplsjmmmr0uovsldejl3431363l5(at)4ax(dot)com...
....
>> I am not trying to avoid complexity. Using PHP to convert markup to HTML
>> allows me to do things like these:
>> * restrict the elements that can be used (for security)
>> * add features such as a server-side TOC
>> * pull in data from various sources
>> * choose where to place elements such as footnotes
>> * make each page of the site a consistent structure
>>
>> Basically, the combination of HTML, CSS, PHP and my own markup codes
>> seems ideal. Aside from having to devise the coding the rest is
>> completely standard and incredibly lightweight. As such, there will be
>> no packages and associated bugfixes to install and it should be very
>> fast.
>>
>> I'll keep in mind that there are prebuilt options, though, in case I run
>> into difficulties as I work on this.
>
> Can you use HTML codes, plus any markup you invent, but sanitize the
> input by stripping any HTML or other tags that you do not want or that
> could be a risk?
Theoretically yes, but that would be hard to do and much slower. Consider
that if you see <p> on a page you don't know whether it is an HTML paragraph
tag or not unless you know its context. It might be part of a Java program,
for example, as in
    f<p>();
or it could be just an insignificant piece of text that should appear as
written. The only way to tell for sure is to parse the file from the top and
recognise every element that precedes it. That would be a lot of work.
> I have a page where users can enter raw MySQL queries to generate
> reports. The first thing that happens to input is to check that only
> SELECT queries are processed (plus a lot of other safeguards). I also
> devised a 'COPY from table where index=x' command that allows copying
> one record easily. So, the page uses a limited form of a standard
> markup, supplemented with extras, and is completely safe.
>
> Seems you could do the same with HTML.
It is possible but would require lots of parsing code. By contrast,
converting markup to HTML can be made much easier. FWIW, I found I could do
something that works much more simply and wrote it up in a post made just a
few hours ago.
James
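An added example, not code from either poster: a minimal converter of the kind discussed above, which escapes every character of the input first and then emits only tags from a fixed allow-list, so `f<p>();` comes out as written. The markup codes used (`= ` for a heading, `*...*` and `_..._` for emphasis) and the function name are hypothetical; the thread does not show the actual codes.

```php
<?php
// Added example: hypothetical markup codes, not the poster's own scheme.
// Allow-list of inline codes: marker => the only HTML elements ever emitted.
const INLINE_CODES = ['*' => 'strong', '_' => 'em'];

function convert_markup(string $src): string
{
    $html = [];
    // Blocks are separated by one or more blank lines.
    $blocks = preg_split('/\R{2,}/', trim($src), -1, PREG_SPLIT_NO_EMPTY);
    foreach ($blocks as $block) {
        // 1. Neutralise everything first: "<p>" in the source becomes
        //    "&lt;p&gt;", so no context-sensitive HTML parsing is needed.
        $text = htmlspecialchars($block, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        // 2. A block starting with "= " is a heading, anything else a paragraph.
        $tag = 'p';
        if (strncmp($text, '= ', 2) === 0) {
            $tag  = 'h2';
            $text = substr($text, 2);
        }

        // 3. Inline codes: the element name comes from the allow-list, never
        //    from the input. The content may not contain a marker, so the
        //    generated tags cannot end up mis-nested.
        $text = preg_replace_callback(
            '/([*_])([^*_\s](?:[^*_]*[^*_\s])?)\1/',
            fn(array $m): string =>
                sprintf('<%1$s>%2$s</%1$s>', INLINE_CODES[$m[1]], $m[2]),
            $text
        );

        $html[] = "<$tag>$text</$tag>";
    }
    return implode("\n", $html);
}

// Constructed sample input, including the f<p>(); case from the post.
$sample = <<<'TXT'
= Calling f<p>();

In Java, f<p>(); is *not* a paragraph tag, and <b>this</b> is _just text_.
TXT;

echo convert_markup($sample), "\n";
```

Because escaping happens before any tag is generated, the set of elements that can reach the browser is exactly the allow-list plus `p` and `h2`, regardless of what the source text contains.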