pkp#28: provide backend header support [3.3] #29
Conversation
ctgraham
changed the title
ctgraham
changed the title
CustomHeaderSettingsForm.inc.php
Outdated
| $libxml_errors_setting = libxml_use_internal_errors(); | ||
| libxml_use_internal_errors(true); | ||
| libxml_clear_errors(); | ||
| $xml = simplexml_load_string($input); |
There was a problem hiding this comment.
Just a thought -- is this going to be overly restrictive? It's requiring well-formed XML, but the field should be checking for well-formed HTML. I think the DOM tools might provide an alternative:
https://www.php.net/manual/en/domdocument.loadhtml.php
The idea would be:
- Use the same
libxml_use_internal_errorsapproach and return value to determine whether a fatal parsing error occurred - If it's flexible enough to allow parsing of documents that we don't want to permit, maybe re-serialize the HTML before storing in the setting to resolve that?
There was a problem hiding this comment.
Fair enough. It's unlikely that someone would want to legitimately throw an unclosed li in the head, but I could see someone wanting to do an old-style meta tag perhaps.
There was a problem hiding this comment.
Perhaps and additional checkbox or a second confirmation "submit" which bypasses the validation? A "I solemnly swear I am up to no good" prompt?
There was a problem hiding this comment.
"I solemnly swear I am up to no good" 🧙♂️ totally yes! After all who doesn't know that "with great power comes great responsibility"?
Resolves #28 for 3.3; C.f. forward port to main.