<form method=post action="/htbin-post/banner hello > foobar">
...form goes here
</form>
My question relates to how the i/o redirection character (or any special
character) is to be treated when used within quotes inside of a standard
HTML directive. Should special characters be completely protected when
quoted inside of a directive?? Does it make sense to specify that escapes
such as > be used within quoted strings? Where should this go in the
spec? (I looked for it, and can't find it - please point me there if I
missed it.
On a related note, the above question was generated by some strange
behavior I discovered in the following abuse of NCSA httpd, and X Mosaic:
HTML file:
===========================================================
<pre>
<inc srv "|echo Backslash escapes:">
<inc srv "| echo greater than: \>">
<inc srv "| echo less than: \<">
<inc srv "|echo HTML amper/semi escapes:">
<inc srv "| echo greater than: >">
<inc srv "| echo less than: <">
</pre>
===========================================================
Source received by X Mosaic:
===========================================================
<pre>
Backslash escapes:
greater than:
">
less than: <
HTML amper/semi escapes:
greater than:
less than:
</pre>
===========================================================
A few questions:
1) Why are extra newlines generated after each <inc srv "|blah">
directive?
2) Why doesn't \> work when \< seems to.
3) Does this happen only to me?
I am using XMosaic 2.0 and httpd 1.0a5 under AIX 3.2.4.
-- Bryan Cheung
[email protected]