Re: Problem with SSI and BOM

From: Philippe Verdy (
Date: Wed Sep 27 2006 - 07:24:28 CST

  • Next message: Mark Cilia Vincenti: "RE: Problem with SSI and BOM"

    From: "Mark Cilia Vincenti" <>
    > It *is* a problem, because we are using SSI (server-side include) tags
    > on IIS (Windows' web server), which doesn't allow for a conversion
    > filter. There are no configuration settings, so unless someone wrote a
    > different DLL that allows for removal of BOM, then there would be no way
    > for me to strip it inside the body if it is present in the template
    > files.
    > HTML conformance is only secondary. The main problem is that the page is
    > not being displayed properly.

    SSI has never been designed to import plain-text into an HTML page; it was only made to include HTML within HTML.

    Using SSI is certainly the bad option here, and i don't think that HTML conformance is a minor issue; add to this the possible security issues caused by code injection (if ever someone uses HTML in the plain-text part, then it can inject malicious javascript or inlined binary objects in the plain-text document).

    Really consider using a conversion filter for translating plain-text parts into conforming and secure HTML... such filter is quite simple to implement, if you already have a server-side script processor (PHP, Java, ASP, Perl...)

    This archive was generated by hypermail 2.1.5 : Wed Sep 27 2006 - 07:26:37 CST