RE: Problem with SSI and BOM

From: Mark Cilia Vincenti (
Date: Wed Sep 27 2006 - 07:31:13 CST

  • Next message: Philippe Verdy: "Re: Problem with SSI and BOM"

    It *is* including HTML within HTML. Basically the top, left and bottom
    parts of the HTML page which are repetitious over a number of web pages
    were placed in separate HTML files, and these are being included.

    i.e. a static HTML page has 3 SSI calls. One for the top template, one
    for the side template and one for the bottom template. When the include
    files (which contain HTML code) are saved as UTF-8 with a BOM, then the
    BOM is being included, and right on top of the 3 templates an empty line
    is being inserted.

    Best Regards,

    Mark Cilia Vincenti - Internal Developer - Marketing
    GFI Software -

    -----Original Message-----
    From: Philippe Verdy []
    Sent: 27 September 2006 3:24 PM
    To: Mark Cilia Vincenti; Addison Phillips; Jukka K. Korpela
    Subject: Re: Problem with SSI and BOM

    From: "Mark Cilia Vincenti" <>
    > It *is* a problem, because we are using SSI (server-side include) tags
    > on IIS (Windows' web server), which doesn't allow for a conversion
    > filter. There are no configuration settings, so unless someone wrote a
    > different DLL that allows for removal of BOM, then there would be no
    > for me to strip it inside the body if it is present in the template
    > files.
    > HTML conformance is only secondary. The main problem is that the page
    > not being displayed properly.

    SSI has never been designed to import plain-text into an HTML page; it
    was only made to include HTML within HTML.

    Using SSI is certainly the bad option here, and i don't think that HTML
    conformance is a minor issue; add to this the possible security issues
    caused by code injection (if ever someone uses HTML in the plain-text
    part, then it can inject malicious javascript or inlined binary objects
    in the plain-text document).

    Really consider using a conversion filter for translating plain-text
    parts into conforming and secure HTML... such filter is quite simple to
    implement, if you already have a server-side script processor (PHP,
    Java, ASP, Perl...)

    This mail was checked for viruses by GFI MailSecurity.
    GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI FAXmaker), and network security and management software (GFI LANguard) -

    This archive was generated by hypermail 2.1.5 : Wed Sep 27 2006 - 07:31:46 CST