![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png) simont |
Fri 2003-05-30 11:01 |
I probably will at some point. I wasn't entirely sure whether it would solve my problem, so I hesitated to spend all the effort in case it turned out not to... If it's a full programming language then I'm sure it'll be fine.
Still, it can wait for a while now I have this stopgap hack :-)
(BTW, it occurs to me that this trick might allow a malicious style designer to sneak a nasty HTML tag past the checks in cleanhtml.pl, by doing something along the lines of <!-- -%%foo%%-> <html intention="malicious"> <!-- -->, so that HTML::TokeParser thinks it's all a big comment but when a real browser sees it the stuff in the middle becomes active. Perhaps cleanhtml.pl might have been better applied to the HTML after expanding all the variables and gluing together all the bits and pieces of the style...) |
|