html tag without <> - is there an alternative?

Discussion in 'HTML' started by David Johnstone, Apr 19, 2006.

  1. The subject says it all. I'm trying to pipe text through a
    process that replaces:-
    < with &lt
    > with &gt

    Now I would like to include html in the text, but because of
    this substitution (which I can't do anything about), none of
    the html tags are recognised in the output.
    Is there perhaps some fiendishly obscure alternative syntax
    for coding an html tag? Or does anyone have an idea how
    I could circumvent this problem?
    Many thanks,
    David
    David Johnstone, Apr 19, 2006
    #1
    1. Advertising

  2. David Johnstone

    Jim Moe Guest

    David Johnstone wrote:
    > The subject says it all. I'm trying to pipe text through a
    > process that replaces:-
    > < with &lt
    >> with &gt

    > Now I would like to include html in the text, but because of
    > this substitution (which I can't do anything about), none of
    > the html tags are recognised in the output.
    >

    Nope, you're screwed. If the process has no method for escaping what it
    is replacing, there is nothing you can do.
    Perhaps if you gave a few more details like operating system, the
    process (if standard), etc.?
    And I hope you meant "&lt;" and "&gt;".

    --
    jmm (hyphen) list (at) sohnen-moe (dot) com
    (Remove .AXSPAMGN for email)
    Jim Moe, Apr 20, 2006
    #2
    1. Advertising

  3. Jim Moe wrote:
    > David Johnstone wrote:
    > > The subject says it all. I'm trying to pipe text through a
    > > process that replaces:-
    > > < with &lt
    > >> with &gt

    > > Now I would like to include html in the text, but because of
    > > this substitution (which I can't do anything about), none of
    > > the html tags are recognised in the output.
    > >

    > Nope, you're screwed. If the process has no method for escaping what it
    > is replacing, there is nothing you can do.
    > Perhaps if you gave a few more details like operating system, the
    > process (if standard), etc.?
    > And I hope you meant "&lt;" and "&gt;".


    Yes, I did meant that, thanks, and thanks also for your input.

    This is for a web site where you can provide your own content,
    but they don't want html. The way they keep html out is by
    making the html server do these substitutions - or maybe directly
    sunstituting in the source you provide. So I have no control over
    that - all I could do is write some alternative in the source, or at
    least I can't think of anything else.
    Got to hand it to them - it's a clever and simple way of keeping
    html out!

    David
    David Johnstone, Apr 20, 2006
    #3
  4. David Johnstone

    Toby Inkster Guest

    David Johnstone wrote:

    > Is there perhaps some fiendishly obscure alternative syntax
    > for coding an html tag?


    No -- but the particular filter that you're using may have a method of
    escaping tags to prevent them from being converted; or it may have a bug
    that can be exploited to achieve the same effect.

    Without more information from you it's difficult to know.

    --
    Toby A Inkster BSc (Hons) ARCS
    Contact Me ~ http://tobyinkster.co.uk/contact
    Toby Inkster, Apr 20, 2006
    #4
  5. Toby Inkster wrote:
    > David Johnstone wrote:
    >
    > > Is there perhaps some fiendishly obscure alternative syntax
    > > for coding an html tag?

    >
    > No -- but the particular filter that you're using may have a method of
    > escaping tags to prevent them from being converted; or it may have a bug
    > that can be exploited to achieve the same effect.
    >
    > Without more information from you it's difficult to know.


    The filter is not under my control (see my other post). It's on a
    server I'm using but which I don't administer, so I don't have any
    more detailed information about it. It's designed to parse normal
    text and produce a result that will look like the original in an html
    viewer, so I would imagine anything like e.g. "\>" would have to
    view as exactly that in the browser.
    It does support it's own primitive markup language with directives
    like:-
    %cr Red %c*
    which would show the word "Red" in red.
    Since the results it produces are html (but not my html), I imagine
    it could *always* substitute < and > with no escape possibility,
    since the results (&gt; and &lt;) would always view correctly in
    a browser. I guess I would do it that way, anyway.
    David
    David Johnstone, Apr 20, 2006
    #5
  6. David Johnstone

    Jim Higson Guest

    David Johnstone wrote:

    > Yes, I did meant that, thanks, and thanks also for your input.
    >
    > This is for a web site where you can provide your own content,
    > but they don't want html. The way they keep html out is by
    > making the html server do these substitutions - or maybe directly
    > sunstituting in the source you provide. So I have no control over
    > that - all I could do is write some alternative in the source, or at
    > least I can't think of anything else.
    > Got to hand it to them - it's a clever and simple way of keeping
    > html out!


    They probably do it for security reasons, to avoid XSS attacks. There might
    be sneaky ways round it involving javascript, server-side bugs and browser
    corrections, but in general if they don't want you posting HTML that's
    their choice.

    --
    Jim
    Jim Higson, Apr 20, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. shruds
    Replies:
    1
    Views:
    783
    John C. Bollinger
    Jan 27, 2006
  2. Replies:
    1
    Views:
    378
    Andrew Thompson
    Nov 29, 2006
  3. Replies:
    10
    Views:
    580
  4. André
    Replies:
    2
    Views:
    724
    André
    Jun 23, 2008
  5. Gabriella
    Replies:
    5
    Views:
    114
Loading...

Share This Page