Environment variables with Newlines

Discussion in 'HTML' started by P E Schoen, Jan 17, 2011.

  1. P E Schoen

    P E Schoen Guest

    I have a form with input variables which are submitted to a Perl script by
    POST, but one of them is a TextArea which accepts multiline user input that
    may contain Newline characters. When these are encountered, an error occurs
    which is "malformed header", although the data is still correctly inserted
    in a text field of the database.

    This data will be used to create HTML web pages, so the Newline characters
    could be replaced by <br> tags using Javascript. Or is there a better way to
    do this?

    Thanks,

    Paul
    P E Schoen, Jan 17, 2011
    #1
    1. Advertising

  2. P E Schoen wrote:

    > I have a form with input variables which are submitted to a Perl
    > script by POST, but one of them is a TextArea which accepts multiline
    > user input that may contain Newline characters. When these are
    > encountered, an error occurs which is "malformed header", although
    > the data is still correctly inserted in a text field of the database.


    Which software reports such an error?

    By the specifications, and in practice, a newline entered in a textarea is
    converted, by a browser, to the canonical form CR LF which in turn becomes
    %0D%0A, in the default encoding for form data. So your Perl script should be
    written so that it properly handles this. Doesn't the library you're using
    do this automatically?

    > This data will be used to create HTML web pages, so the Newline
    > characters could be replaced by <br> tags using Javascript. Or is
    > there a better way to do this?


    Of course - such things should be done server-side, in your Perl script in
    this case. But the details depend on how newlines in textarea are supposed
    to affect the outcome. If you really want to preserve the exact division
    into lines in the user input (which would be rather questionable, though
    perhaps meaningful in some special cases), then you could use <pre> markup.
    But this also depends on how the HTML document is to be generated.

    --
    Yucca, http://www.cs.tut.fi/~jkorpela/
    Jukka K. Korpela, Jan 17, 2011
    #2
    1. Advertising

  3. P E Schoen

    P E Schoen Guest

    "Jukka K. Korpela" wrote in message
    news:4RSYo.7253$...

    P E Schoen wrote:

    >> I have a form with input variables which are submitted to a Perl
    >> script by POST, but one of them is a TextArea which accepts multiline
    >> user input that may contain Newline characters. When these are
    >> encountered, an error occurs which is "malformed header", although
    >> the data is still correctly inserted in a text field of the database.


    > Which software reports such an error?


    It is in the error logs of the server:
    malformed header from script.
    Bad header=Carriage Return Bad?: EventProcessor.pl,
    referer: http://www.pauleschoen.com/SCGBG/EventSubmit.htm

    > By the specifications, and in practice, a newline entered in a textarea is
    > converted, by a browser, to the canonical form CR LF which in turn becomes
    > %0D%0A, in the default encoding for form data. So your Perl script should
    > be written so that it properly handles this. Doesn't the library you're
    > using do this automatically?


    I thought this was happening when the script was reading the environment
    variables. But now I think it may be the generation of the HTML to stdin.
    This is done in a heredoc as follows:

    Content-type: text/html

    <html><body>
    <br>$in{'Entry_Description'}</br></p>

    This is where the user gets a message that the form data has been processed.
    But the error causes a Server error message to be displayed instead. This is
    done as a final step after all other input processing has been done, and all
    of that seems to be OK.

    >> This data will be used to create HTML web pages, so the Newline
    >> characters could be replaced by <br> tags using Javascript. Or is
    >> there a better way to do this?


    > Of course - such things should be done server-side, in your Perl script in
    > this case. But the details depend on how newlines in textarea are supposed
    > to affect the outcome. If you really want to preserve the exact division
    > into lines in the user input (which would be rather questionable, though
    > perhaps meaningful in some special cases), then you could use <pre>
    > markup. But this also depends on how the HTML document is to be generated.


    Well, I added the <pre> tag, and it works!

    Thanks!

    Paul
    P E Schoen, Jan 17, 2011
    #3
  4. P E Schoen wrote:

    > I have a form with input variables which are submitted to a Perl
    > script by POST, but one of them is a TextArea which accepts multiline
    > user input that may contain Newline characters. When these are
    > encountered, an error occurs which is "malformed header", although
    > the data is still correctly inserted in a text field of the database.
    >
    > This data will be used to create HTML web pages, so the Newline
    > characters could be replaced by <br> tags using Javascript. Or is
    > there a better way to do this?


    As Jukka suggests, do it server-side. I use PHP, not Perl; there should
    be an equivalent to this:

    $ccomment = str_replace(Chr(10), "<br>", $ccomment);
    echo $ccomment;

    Of course, fill in the rest of your display goodies .. <div>s and CSS
    and whatevers.

    --
    -bts
    -Four wheels carry the body; two wheels move the soul
    Beauregard T. Shagnasty, Jan 17, 2011
    #4
  5. P E Schoen

    P E Schoen Guest

    "P E Schoen" wrote in message news:VsTYo.1042$...

    > "Jukka K. Korpela" wrote in message
    > news:4RSYo.7253$...


    >> P E Schoen wrote:


    >>> I have a form with input variables which are submitted to a Perl
    >>> script by POST, but one of them is a TextArea which accepts
    >>> multiline user input that may contain Newline characters. When
    >>> these are encountered, an error occurs which is "malformed
    >>> header", although the data is still correctly inserted in a text
    >>> field of the database.


    >> Which software reports such an error?


    > It is in the error logs of the server:
    > malformed header from script.
    > Bad header=Carriage Return Bad?: EventProcessor.pl,
    > referer: http://www.pauleschoen.com/SCGBG/EventSubmit.htm


    > I thought this was happening when the script was reading the
    > environment variables. But now I think it may be the generation
    > of the HTML to stdin. This is done in a heredoc as follows:


    Content-type: text/html

    <html><body>
    <br>$in{'Entry_Description'}</br></p>

    >> .. you could use <pre> markup. But this also depends on how
    >> the HTML document is to be generated.


    > Well, I added the <pre> tag, and it works!


    Actually, that only masked the real culprit, which was as follows:

    <h4>Times: $in{'Entry_Start_DOW,'} $in{'Entry_Start_DT'} to ...

    I noticed that the Entry_Start_DOW input variable was not displayed, and I
    saw the error when I examined the Perl code. I changed this code a little
    bit and the comma got into the reference for the input variable.

    When I was testing the form, I played around with adding HTML tags on the
    user end, and I found that they work as expected to change fonts and colors,
    and even to display an image with an <img src=url> tag. But that caused me
    to contemplate what could happen if someone put malicious content into the
    text area. It could be some nasty JavaScript or a redirect to a hostile
    website or any number of scary scenarios. And even just a simple error or
    typo could mess up the entire HTML document being created.

    So, I think I will need to remove any HTML tags, or do some careful
    validation of the user input. Now I'm starting to understand how there can
    be security risks when a user is allowed the freedom to enter useful but
    potentially dangerous content.

    Thanks,

    Paul
    P E Schoen, Jan 18, 2011
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. headware

    newlines in textboxes

    headware, Sep 22, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    337
    Girish Bharadwaj
    Sep 22, 2004
  2. Newlines in Datagrid

    , Sep 6, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    2,032
    RenyMatt
    May 4, 2009
  3. Rhino
    Replies:
    2
    Views:
    5,162
    Filip Larsen
    Dec 22, 2003
  4. Replies:
    5
    Views:
    641
  5. Replies:
    9
    Views:
    929
Loading...

Share This Page