From: Philippe Verdy (verdy_p@wanadoo.fr)
Date: Wed Sep 27 2006 - 07:24:28 CST
From: "Mark Cilia Vincenti" <mark@gfi.com>
> It *is* a problem, because we are using SSI (server-side include) tags
> on IIS (Windows' web server), which doesn't allow for a conversion
> filter. There are no configuration settings, so unless someone wrote a
> different DLL that allows for removal of BOM, then there would be no way
> for me to strip it inside the body if it is present in the template
> files.
>
> HTML conformance is only secondary. The main problem is that the page is
> not being displayed properly.
SSI has never been designed to import plain-text into an HTML page; it was only made to include HTML within HTML.
Using SSI is certainly the bad option here, and i don't think that HTML conformance is a minor issue; add to this the possible security issues caused by code injection (if ever someone uses HTML in the plain-text part, then it can inject malicious javascript or inlined binary objects in the plain-text document).
Really consider using a conversion filter for translating plain-text parts into conforming and secure HTML... such filter is quite simple to implement, if you already have a server-side script processor (PHP, Java, ASP, Perl...)
This archive was generated by hypermail 2.1.5 : Wed Sep 27 2006 - 07:26:37 CST