7516 – TranscodingActionDeletePopup: brute force call to str_replace would replace actual content

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 7516 - TranscodingActionDeletePopup: brute force call to str_replace would replace actual content

Summary: TranscodingActionDeletePopup: brute force call to str_replace would replace a...

Status:	RESOLVED FIXED

Alias:	None

Product:	mobileOK authoring tools
Classification:	Unclassified
Component:	Transcoding (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P2 normal
Target Milestone:	---
Assignee:	Sylvain Lequeux
QA Contact:	fd

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-09-07 08:39 UTC by fd
Modified:	2009-09-07 09:11 UTC (History)
CC List:	0 users

See Also:

Attachments

Description fd 2009-09-07 08:39:53 UTC

The str_replace call removes occurrences of target="_blank" everywhere. This means that a blog post that explains the benefits of, say, this transcoding library has no easy way to write:

[[ Very cool, this plug-in removes target="_blank" from content to suppress popups. ]]

The real solution would be to parse content as a DOM tree, but that may fail if content is not valid XML.

Another workaround is to make sure the matched string contains a "<" character, because "<" cannot appear in regular content (it has to be escaped as "&lt;").

But... as defined in the XML spec, there are exceptions to the rule:
 http://www.w3.org/TR/xml/#syntax

"<" may appear in:
 1. comments
 2. CDATA sections
 3. Processing instructions (but I'm not too worried about that possibility as processing instructions are usually found near the top of the document).

Can we come up with a way to account for these exceptions while sticking to a simple search and replace paradigm?