RE: Problem with SSI and BOM

From: Mark Cilia Vincenti (mark@gfi.com)
Date: Wed Sep 27 2006 - 07:31:13 CST


    It *is* including HTML within HTML. Basically the top, left and bottom
    parts of the HTML page which are repetitious over a number of web pages
    were placed in separate HTML files, and these are being included.

    i.e. a static HTML page has 3 SSI calls. One for the top template, one
    for the side template and one for the bottom template. When the include
    files (which contain HTML code) are saved as UTF-8 with a BOM, then the
    BOM is being included, and right on top of the 3 templates an empty line
    is being inserted.

    Best Regards,

    Mark Cilia Vincenti - Internal Developer - Marketing
    GFI Software - www.gfi.com

    -----Original Message-----
    From: Philippe Verdy [mailto:verdy_p@wanadoo.fr]
    Sent: 27 September 2006 3:24 PM
    To: Mark Cilia Vincenti; Addison Phillips; Jukka K. Korpela
    Cc: unicode@unicode.org
    Subject: Re: Problem with SSI and BOM

    From: "Mark Cilia Vincenti" <mark@gfi.com>
    > It *is* a problem, because we are using SSI (server-side include) tags
    > on IIS (Windows' web server), which doesn't allow for a conversion
    > filter. There are no configuration settings, so unless someone wrote a
    > different DLL that allows for removal of BOM, then there would be no way
    > for me to strip it inside the body if it is present in the template
    > files.
    >
    > HTML conformance is only secondary. The main problem is that the page is
    > not being displayed properly.

    SSI has never been designed to import plain-text into an HTML page; it
    was only made to include HTML within HTML.

    Using SSI is certainly the bad option here, and I don't think that HTML
    conformance is a minor issue; add to this the possible security issues
    caused by code injection (if ever someone uses HTML in the plain-text
    part, then it can inject malicious JavaScript or inlined binary objects
    in the plain-text document).

    Really consider using a conversion filter for translating plain-text
    parts into conforming and secure HTML... such a filter is quite simple to
    implement, if you already have a server-side script processor (PHP,
    Java, ASP, Perl...)

      



    This archive was generated by hypermail 2.1.5 : Wed Sep 27 2006 - 07:31:46 CST
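
The two points raised in the thread, a BOM copied through from each include file and a conversion filter that turns plain text into safe HTML, can be shown in one sketch. This is an added example in Python, not code from either poster and not IIS functionality; the function names and the sample template contents are assumptions constructed for illustration.

```python
import codecs
import html

BOM = codecs.BOM_UTF8  # b"\xef\xbb\xbf"


def load_fragment(raw: bytes) -> str:
    """Decode an include file as UTF-8, dropping one leading BOM if present."""
    # 'utf-8-sig' removes a leading BOM only; strict decoding rejects
    # malformed byte sequences instead of passing them on to the browser.
    return raw.decode("utf-8-sig", errors="strict")


def text_to_html(raw: bytes) -> str:
    """Conversion filter: plain text in, escaped HTML out."""
    text = load_fragment(raw)
    # Escape &, <, > and both quote characters so any markup in the text
    # is displayed literally rather than interpreted.
    return "<pre>" + html.escape(text, quote=True) + "</pre>"


def assemble(top: bytes, side: bytes, body_text: bytes, bottom: bytes) -> bytes:
    """Build one page from three HTML templates and a plain-text body."""
    parts = [load_fragment(top), load_fragment(side),
             text_to_html(body_text), load_fragment(bottom)]
    return "".join(parts).encode("utf-8")


def naive_concat(*files: bytes) -> bytes:
    """What a byte-for-byte include does: every BOM is copied through."""
    return b"".join(files)


# Constructed sample include files (not from the original thread).
TOP = BOM + b'<html><body><div id="top">Header</div>\n'
SIDE = BOM + b'<div id="side">Menu</div>\n'
BOTTOM = BOM + b"</body></html>\n"
BODY_TEXT = b'Price < 5 & "free" <script>alert(1)</script>\n'

if __name__ == "__main__":
    raw_page = naive_concat(TOP, SIDE, BODY_TEXT, BOTTOM)
    print("BOMs in byte-for-byte include:", raw_page.count(BOM))
    page = assemble(TOP, SIDE, BODY_TEXT, BOTTOM)
    print("BOMs after filter:", page.count(BOM))
    print(page.decode("utf-8"))
```

The `utf-8-sig` codec strips only a BOM at the very start of each file, which matches the case described in the thread; a U+FEFF elsewhere in a file is left in place.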