Improve MHonArc resource file
Created by: ikedas
This is proposal of extensive change for #1091.
- Use
<%
...%>
instead of variable tags in MHonArc resource file - Rename resource file
- Incidental measure
<%
... %>
instead of variable tags in MHonArc resource file
Use According to history, at the first time MHonArc resource file adopted TT2, the tags <-%
... %->
were used [1]. But it was changed to (-%
... %-)
by the reason that "archives were not properly TT2 parsed" [2]. In fact, if current code is modified to use that tags, extracted archive page may contain the lines such as:
<!--X-Derived: #60#45% path_cgi %#45>/viewmod/listname/.../pngVTalOgmofN.png -->
This is not well-formed if it was parsed as XHTML or HTML 4. However it is legitimate comment for HTML5.
Afterward, (xxx%
... %xxx)
(xxx
is variable text) were introduced to make tags unpredictable so that (maybe) code injection would be prevented [3]. However, strictly logically speaking, this is not a perfect measure. On the other hand, the texts including <
and >
cannot be injected thanks to MHonArc that escapes input.
Therefore, now we would be better to use secure tags <%
... %>
instead of variable tags.
Rename resource file
The French spelling "ressources" would be better to be avoided.
Furthermore, names consisting of alphanumeric characters and dot(s) only (and optionally hyphen(s)) should be avoided as they may conflict with the domain name: SYSCONFDIR can contain the directories named by domain.
Suggested name is mhonarc_rc.tt2
.
Incidental measure
Existing mhonarc-ressources.tt2
will be converted to mhonarc_rc.tt2
during upgrading process.
[1] sympa-community/historic-sympa@e1d3d41, src/etc/mhonarc-ressources (2004-05-06) [2] sympa-community/historic-sympa@c1e50fa (2004-06-24) [3] sympa-community/historic-sympa@eb39494 (2004-12-02) and sympa-community/historic-sympa@96197b2 (2004-12-14)