Permalink
Browse files

Item13880: Don't render TML in Head/script zones

Render.pm protects the <head> and <script> tags from render, but
RENDERZONE bypasses that protection.

Note that WebCreateNewTopicComponents also head/script zones could be cleaned
of any literal & noautolink tags, but they needed to stay for PatternSkin
to be backwards compatible with Foswiki 1.1
  • Loading branch information...
1 parent e48a024 commit 9643396c3b976747b1aa533283bcf47f1720a99a @gac410 gac410 committed Dec 19, 2015
@@ -1,4 +1,4 @@
-%META:TOPICINFO{author="ProjectContributor" comment="" date="1449888714" format="1.1" version="1"}%
+%META:TOPICINFO{author="ProjectContributor" comment="" date="1450471494" format="1.1" version="1"}%
%META:TOPICPARENT{name="AdminToolsCategory"}%
<noautolink>
@@ -107,16 +107,15 @@ The actual registration form.
<verbatim class="tml">
%STARTSECTION{"resources"}%%IF{"$REGISTRATION_DISABLED!='DISABLED'" then="
%ADDTOZONE{ "head"
- id="userRegistrationRequiredStyle"
+ id="UserRegistrationRequiredStyle"
text="<link type='text/css' rel='stylesheet' media='all' href='%PUBURLPATH{"requiredstyle.css" topic="%CSSJSTOPIC%"}%' />"
}%"}%
%ADDTOZONE{ "head"
- id="userRegistrationFormStyle"
+ id="UserRegistrationFormStyle"
text="<link type='text/css' rel='stylesheet' media='all' href='%PUBURLPATH{"formstyle.css" topic="%CSSJSTOPIC%"}%' />"
}%
%JQREQUIRE{"validate, wikiword, cookie"}%
<div id="FwkVD" class="foswikiHidden">
-<literal>
{
"url":"%SCRIPTURL{view}%/%SYSTEMWEB%.UserRegistrationParts",
"MinPasswordLength":%QUERY{"{MinPasswordLength}"}%,
@@ -144,10 +143,9 @@ The actual registration form.
}
}
}
-</literal>
</div>
%ADDTOZONE{ "script"
- id="userRegistrationValidation"
+ id="UserRegistrationValidation"
requires="JQUERYPLUGIN::VALIDATE, JQUERYPLUGIN::WIKIWORD, JQUERYPLUGIN::COOKIE"
text="<script type='text/javascript' src='%PUBURLPATH{"validate.js" topic="%CSSJSTOPIC%"}%'></script>"
}%
@@ -347,7 +345,7 @@ Test if user login name exists. Used for form validation.
}%
-%META:FILEATTACHMENT{name="validate.js" attr="h" date="1449888714" user="ProjectContributor" version="1"}%
-%META:FILEATTACHMENT{name="requiredstyle.css" attr="h" date="1449888714" user="ProjectContributor" version="1"}%
-%META:FILEATTACHMENT{name="formstyle.css" attr="h" date="1449888714" user="ProjectContributor" version="1"}%
+%META:FILEATTACHMENT{name="validate.js" attr="h" date="1450471494" user="ProjectContributor" version="1"}%
+%META:FILEATTACHMENT{name="requiredstyle.css" attr="h" date="1450471494" user="ProjectContributor" version="1"}%
+%META:FILEATTACHMENT{name="formstyle.css" attr="h" date="1450471494" user="ProjectContributor" version="1"}%
%META:PREFERENCE{name="ALLOWTOPICVIEW" title="ALLOWTOPICVIEW" type="Set" value="*"}%
@@ -1,4 +1,4 @@
-%META:TOPICINFO{author="ProjectContributor" date="1434650530" format="1.1" version="1"}%
+%META:TOPICINFO{author="ProjectContributor" date="1450471494" format="1.1" version="1"}%
%META:TOPICPARENT{name="Macros"}%
---+ RENDERZONE - render the content of a zone
Rendersa zone. See [[VarADDTOZONE][ADDTOZONE]] for an explanation of _zones_.
@@ -7,19 +7,19 @@ Rendersa zone. See [[VarADDTOZONE][ADDTOZONE]] for an explanation of _zones_.
%TABLE{sort="off"}%
| *Parameter* | *Description* | *Default* |
| ="zone"= | name of the zone | | (reguired) |
- | =format=" | format string for each item added to the zone | <verbatim class="tml">$item <!--<literal> $id $missing</literal>--></verbatim> |
+ | =format= | format string for each item added to the zone | <verbatim class="tml">$item <!--<literal> $id $missing</literal>--></verbatim> |
| =missingtoken= | string assigned to the =$missing= format token for use in the =format= parameter. | \
<verbatim class="tml">$id: requires= missing ids: $missingids</verbatim> |
| =chomp= | remove leading and trailing whitespace from formatted items, can be useful for pretty-printing and compression. | =off= |
| =header= | prepended to the output | |
| =footer= | appended to the output | |
| =separator= | put between each item of a zone | |
The following tokens are expanded in the =format= string:
- * =$id= - =id= of the [[VarADDTOZONE][ADDTOZONE]] call within the =zone= currently being rendered.
- * =$item= - text of the [[VarADDTOZONE][ADDTOZONE]] call within the =zone= currently being rendered.
- * =$zone= - the ="zone"= currently being rendered.
- * =$missing= - if the [[VarADDTOZONE][ADDTOZONE]] call being rendered required any =id= which was not found, then =$missing= is the =missingtoken= parameter; empty string otherwise.
- * =$missingids= - comma separated list of ids that were required by the [[VarADDTOZONE][ADDTOZONE]] call currently being rendered but weren't found within this =zone=.
+ * =$id= - =id= of the [[VarADDTOZONE][ADDTOZONE]] call within the =zone= currently being rendered.
+ * =$item= - text of the [[VarADDTOZONE][ADDTOZONE]] call within the =zone= currently being rendered.
+ * =$zone= - the ="zone"= currently being rendered.
+ * =$missing= - if the [[VarADDTOZONE][ADDTOZONE]] call being rendered required any =id= which was not found, then =$missing= is the =missingtoken= parameter; empty string otherwise.
+ * =$missingids= - comma separated list of ids that were required by the [[VarADDTOZONE][ADDTOZONE]] call currently being rendered but weren't found within this =zone=.
Supports the [[FormatTokens][standard format tokens]] in all parameters.
<div class="foswikiHelp">
@@ -34,6 +34,12 @@ Supports the [[FormatTokens][standard format tokens]] in all parameters.
automatically inserted before the =&lt;/head&gt;= tag in the output HTML
page.
+%H% Macros will be expanded in all zones. TML markup will not be expanded
+ in the =head= and =scripts= zones. Any formatting in =head= and =scripts= zones
+ including [<nop>[TML links]] must be done directly using HTML. TML pseudo-tags like
+ =nop=. =verbatim=, =literal=. and =noautolink= are removed from =head= and =script= zones
+ and have no influence on the markup. All other zones will be rendered as normal topic text.
+
%H% Normally, dependencies between individual =ADDTOZONE= statements are
resolved within each zone. However, if ={MergeHeadAndScriptZones}= is
enabled in [[%SCRIPTURLPATH{"configure"}%][configure]], then =head=
@@ -67,7 +67,7 @@ sub finish {
Add =$data= identified as =$id= to =$zone=, which will later be expanded (with
renderZone() - implements =%<nop>RENDERZONE%=). =$ids= are unique within
-the zone that they are added - dependencies between =$ids= in different zones
+the zone that they are added - dependencies between =$ids= in different zones
will not be resolved, except for the special case of =head= and =script= zones
when ={MergeHeadAndScriptZones}= is enabled.
@@ -88,8 +88,16 @@ added to =script= only.
that should precede the content
<blockquote class="foswikiHelp">%X%
-*Note:* Read the developer supplement at Foswiki:Development.AddToZoneFromPluginHandlers if you
-are calling =addToZone()= from a rendering or macro/tag-related plugin handler
+*Note:* Read the developer supplement at Foswiki:Development.AddToZoneFromPluginHandlers
+if you are calling =addToZone()= from a rendering or macro/tag-related plugin handler
+</blockquote>
+<blockquote class="foswikiHelp">%X%
+*Note:* Macros will be expanded in all zones. TML markup will not be expanded
+in the =head= and =scripts= zones. Any formatting in =head= and =scripts= zones
+including [<nop>[TML links]] must be done directly using HTML. TML pseudo-tags like
+=nop=. =verbatim=, =literal=. and =noautolink= are removed from =head= and =script=
+zones and have no influence on the markup.
+All other zones will be rendered as a normal topic.
</blockquote>
Implements =%<nop>ADDTOZONE%=.
@@ -277,7 +285,16 @@ sub _renderZone {
# delay rendering the zone until now
$result = $topicObject->expandMacros($result);
- $result = $topicObject->renderTML($result);
+
+# TML should not be rendered in the HEAD, which includes the head & script zones.
+# Other zones will be rendered normally.
+ if ( $zone eq 'head' || $zone eq 'script' ) {
+ $result =~ s#</?(:?literal|noautolink|nop|verbatim)>##g
+ ; # Clean up TML pseudo tags
+ }
+ else {
+ $result = $topicObject->renderTML($result);
+ }
return $result;
}

0 comments on commit 9643396

Please sign in to comment.