diff options
author | root <root@rbsd.ankarstrom.se> | 2021-04-27 08:21:06 +0000 |
---|---|---|
committer | root <root@rbsd.ankarstrom.se> | 2021-04-27 08:21:06 +0000 |
commit | c30087fa75fe15ff61e6c334c921497a55372eb7 (patch) | |
tree | a16fec41722c8f070ef04ff2c563dd97d498325d /lib/Apache | |
parent | e1817d8557e0ba8ae2543b47aef4cdc2b7ad6789 (diff) | |
download | Apache-Inject-c30087fa75fe15ff61e6c334c921497a55372eb7.tar.gz |
Clarify CAVEATS
Diffstat (limited to 'lib/Apache')
-rw-r--r-- | lib/Apache/Inject.pm | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/lib/Apache/Inject.pm b/lib/Apache/Inject.pm index bf50728..1d6f49b 100644 --- a/lib/Apache/Inject.pm +++ b/lib/Apache/Inject.pm @@ -182,11 +182,27 @@ intelligently and forwards their combined contents. =head1 CAVEATS -Apache::Inject::Filter uses regular expressions to determine the +Apache::Inject::Filter uses a regular expression to determine the proper location of the injected header. It supports all valid HTML. -However, it does not take into account that embedded CSS and -JavaScript code can contain strings that look like valid opening -and closing HTML tags. +However, it does not parse embedded CSS and JavaScript, which means +that it is I<possible> to construct an example where it will fail: + + <script> + /* this looks like the closing tag for script: </script> */ + /* this looks like an opening tag for a new element: <title> */ + </script> + <body> + This is where the header <i>should</i> be inserted. + <script> + /* this looks like the closing tag for the title: </title> + This is where the header is <i>actually</i> inserted. + */ + </script> + </body> + +This specific type of document, however, is I<incredibly> unlikely. +In this case, an ad-hoc solution is simpler, more efficient and +more maintainable than a general one. On FreeBSD, you may need to enable the accf_http kernel module in order for the tests to work. Note that Apache::Inject works fine |