html tag without <> - is there an alternative?

[David Johnstone]

The subject says it all. I'm trying to pipe text through a
process that replaces:-
< with &lt

with &gt

Now I would like to include html in the text, but because of
this substitution (which I can't do anything about), none of
the html tags are recognised in the output.
Is there perhaps some fiendishly obscure alternative syntax
for coding an html tag? Or does anyone have an idea how
I could circumvent this problem?
Many thanks,
David

 

[Jim Moe]

The subject says it all. I'm trying to pipe text through a
process that replaces:-
< with &lt
Now I would like to include html in the text, but because of
this substitution (which I can't do anything about), none of
the html tags are recognised in the output.

Nope, you're screwed. If the process has no method for escaping what it
is replacing, there is nothing you can do.
Perhaps if you gave a few more details like operating system, the
process (if standard), etc.?
And I hope you meant "&lt;" and "&gt;".

 

[David Johnstone]

Nope, you're screwed. If the process has no method for escaping what it
is replacing, there is nothing you can do.
Perhaps if you gave a few more details like operating system, the
process (if standard), etc.?
And I hope you meant "&lt;" and "&gt;".

Yes, I did meant that, thanks, and thanks also for your input.

This is for a web site where you can provide your own content,
but they don't want html. The way they keep html out is by
making the html server do these substitutions - or maybe directly
sunstituting in the source you provide. So I have no control over
that - all I could do is write some alternative in the source, or at
least I can't think of anything else.
Got to hand it to them - it's a clever and simple way of keeping
html out!

David

 

[Toby Inkster]

Is there perhaps some fiendishly obscure alternative syntax
for coding an html tag?

No -- but the particular filter that you're using may have a method of
escaping tags to prevent them from being converted; or it may have a bug
that can be exploited to achieve the same effect.

Without more information from you it's difficult to know.

 

[David Johnstone]

No -- but the particular filter that you're using may have a method of
escaping tags to prevent them from being converted; or it may have a bug
that can be exploited to achieve the same effect.

Without more information from you it's difficult to know.

The filter is not under my control (see my other post). It's on a
server I'm using but which I don't administer, so I don't have any
more detailed information about it. It's designed to parse normal
text and produce a result that will look like the original in an html
viewer, so I would imagine anything like e.g. "\>" would have to
view as exactly that in the browser.
It does support it's own primitive markup language with directives
like:-
%cr Red %c*
which would show the word "Red" in red.
Since the results it produces are html (but not my html), I imagine
it could *always* substitute < and > with no escape possibility,
since the results (&gt; and &lt would always view correctly in
a browser. I guess I would do it that way, anyway.
David

 

[Jim Higson]

Yes, I did meant that, thanks, and thanks also for your input.

This is for a web site where you can provide your own content,
but they don't want html. The way they keep html out is by
making the html server do these substitutions - or maybe directly
sunstituting in the source you provide. So I have no control over
that - all I could do is write some alternative in the source, or at
least I can't think of anything else.
Got to hand it to them - it's a clever and simple way of keeping
html out!

They probably do it for security reasons, to avoid XSS attacks. There might
be sneaky ways round it involving javascript, server-side bugs and browser
corrections, but in general if they don't want you posting HTML that's
their choice.