diff options
Diffstat (limited to 'README')
| -rw-r--r-- | README | 23 |
1 files changed, 20 insertions, 3 deletions
@@ -116,10 +116,27 @@ OPERATION and forwards their combined contents. CAVEATS - Apache::Inject::Filter uses regular expressions to determine the proper + Apache::Inject::Filter uses a regular expression to determine the proper location of the injected header. It supports all valid HTML. However, it - does not take into account that embedded CSS and JavaScript code can - contain strings that look like valid opening and closing HTML tags. + does not parse embedded CSS and JavaScript, which means that it is + *possible* to construct an example where it will fail: + + <script> + /* this looks like the closing tag for script: </script> */ + /* this looks like an opening tag for a new element: <title> */ + </script> + <body> + This is where the header <i>should</i> be inserted. + <script> + /* this looks like the closing tag for the title: </title> + This is where the header is <i>actually</i> inserted. + */ + </script> + </body> + + This specific type of document, however, is *incredibly* unlikely. In + this case, an ad-hoc solution is simpler, more efficient and more + maintainable than a general one. On FreeBSD, you may need to enable the accf_http kernel module in order for the tests to work. Note that Apache::Inject works fine without the |