[ic] Interpolate vs restrict

Elver Loho elver.loho at gmail.com
Wed Mar 8 13:10:22 EST 2006


On 3/8/06, Mike Heins <mike at perusion.com> wrote:
> Quoting Elver Loho (elver.loho at gmail.com):
> > We're using the 'get-url' tag with interpolate="0".
> >
> > Is there any way to tell interpolate to only parse certain tags like L
> > and LC in the returned content?
>
> L and LC are not tags. You would need to use [loc].

Wow, wait. Explain that once more. How do we handle localisation,
then? I mean, we use L and LC for localisation right now. (We're still
using version 5.0)

> > We could use [restrict policy=deny enable='L LC'], but that would be
> > dangerous as anyone could simply insert [/restrict] in the content.
>
> Have you tried that? It should not work as long as you do:
>
>     [restrict policy=deny enable="loc get_url"]
>             [get-url url="http://foo.com" reparse=1]
>     [/restrict]
>
> A [/restrict] in the returned content will not do anything.

That seems to work. Thanks. Although, hm, won't that enable cross-site
scripting by inserting [get-url ...] stuff in the page returned by
get-url? We're including a PHP-based forum, so...

> An interesting feature might be a standard restrict specification
> for tag reparse.

I second that!


Elver



More information about the interchange-users mailing list