On 3/8/06, Mike Heins <suppressed> wrote: > Quoting Elver Loho (suppressed): > > We're using the 'get-url' tag with interpolate="0". > > > > Is there any way to tell interpolate to only parse certain tags like L > > and LC in the returned content? > > L and LC are not tags. You would need to use [loc]. Wow, wait. Explain that once more. How do we handle localisation, then? I mean, we use L and LC for localisation right now. (We're still using version 5.0) > > We could use [restrict policy=deny enable='L LC'], but that would be > > dangerous as anyone could simply insert [/restrict] in the content. > > Have you tried that? It should not work as long as you do: > > [restrict policy=deny enable="loc get_url"] > [get-url url="http://foo.com"; reparse=1] > [/restrict] > > A [/restrict] in the returned content will not do anything. That seems to work. Thanks. Although, hm, won't that enable cross-site scripting by inserting [get-url ...] stuff in the page returned by get-url? We're including a PHP-based forum, so... > An interesting feature might be a standard restrict specification > for tag reparse. I second that! Elver _______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.