websec-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WebSec 1.9.0 released

From: Trevor Boicey
Subject: Re: WebSec 1.9.0 released
Date: Sun, 22 Jan 2006 00:13:20 -0500
User-agent: Mail/News 1.5 (X11/20051111) 
Baruch Even wrote:

http://www.aomci.org/cgi-bin/adshow.pl?PERPAGE=200&OFFSET=1


The diff is done with webdiff, which is part of websec. If you can dig
into it and fix the issue it would be great.

I don't have much time to go deep into websec, so I mostly add patches
from the (few) users.
From a quick analysis, it seems to be a problem with the <PRE> tag. Which is admittedly seldom used anymore. 

  The original text is something like:

<PRE>
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Nullam neque ipsum, interdum eu, suscipit et, faucibus interdum, massa. Nam cursus fermentum pede. Phasellus faucibus suscipit magna. Pellentesque neque elit, rhoncus nec, fermentum ut, rhoncus eu, mi. 
</PRE>
So the carriage returns would normally appear in the output and it wouldn't be all one line. 

  After webdiff, it becomes something like:

<PRE>
<SPAN ...>
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Nullam neque ipsum, interdum eu, suscipit et, faucibus interdum, massa. Nam cursus fermentum pede. Phasellus faucibus suscipit magna. Pellentesque neque elit, rhoncus nec, fermentum ut, rhoncus eu, mi. 
</SPAN>
</PRE>
...so the SPAN overrides the PRE and is treated as one giant line and comes out as a page that is several screens wide. 

  Two solutions spring to mind...
One would be to, when inside <PRE> blocks, replace \n with <BR>\n. This would probably be a workable solution. For additional mangling, consider replacing <PRE></PRE> with a <FONT></FONT> tag that sets a monospace font.
An easier one might be to just dispose of <PRE> and </PRE> tags entirely, just clean them out of the HTML. This would certainly be a lot easier and probably harmless for many purposes.
However, the last case scares me a little because one place you see a lot of <PRE> tags are sites that have source code on them. The source code would be fairly mangled if you allowed the browser to suggest the line breaks. It would fix this site, but perhaps break others. 

--
Trevor Boicey, P. Eng.
Ottawa, Canada, address@hidden
ICQ #17432933 http://www.brit.ca/~tboicey/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]