View Full Version : [fixed] <script> tag screws up [php]
Raz Meister
Tue 6th Nov '01, 8:43am
When using the <script> tag in a PHP tag, it isn't parsed correctly:
Source:
--
<script language="JavaScript" type="text/javascript" src="http://whereever"></script>
End of PHP tag, but still parsing.
--
<script language="JavaScript" type="text/javascript" src="http://whereever"></script>
End of PHP tag, but still parsing.
Raz Meister
Tue 6th Nov '01, 2:25pm
^BUMP^
tubedogg
Wed 7th Nov '01, 2:36am
<script>window.location='newlocation'</script>
Kier
Thu 8th Nov '01, 2:56pm
<script language="jscript">alert('hello');</script>
<script language="jscript">alert('hello');</script>
Kier
Thu 8th Nov '01, 2:56pm
Hmm... curious
Raz Meister
Thu 8th Nov '01, 3:07pm
<script language="jscript">alert('hello');</scriptt>
<script language="jscript">alert('hello');</scriptt>Will it parse this?
Mike Sullivan
Thu 8th Nov '01, 5:00pm
That's why the [ php] tag is only for valid PHP code.
The only way to fix it is to remove the code that invisibly adds in the <?php and ?> so the code is actually syntax highlighted. Removing that fixes this but removes much of the ease of use, so I don't really think it's worth it...
Chen
Fri 9th Nov '01, 10:33am
Originally posted by Ed Sullivan
That's why the [ php] tag is only for valid PHP code.
LOL, now that makes sense! :D
Raz Meister
Fri 9th Nov '01, 10:39am
Yes, it does make sense. It still doesn't explain though why it screws up the rest of the page, if correct PHP code is not used.
Mike Sullivan
Fri 9th Nov '01, 3:32pm
Because when you don't use valid PHP code, the <font> tag (I believe that's what highlight_string() uses) isn't closed. Our substr() calls to dynamically add/remove <?php and ?> expect it to be.
This should work correctly because I am manually including the <?php and ?>:
<?php
<script language="jscript">alert('hello');</script>
?>
Mike Sullivan
Fri 9th Nov '01, 3:35pm
Oops, now I see what you mean. Not sure why the </blockquote> isn't there...
Raz Meister
Fri 9th Nov '01, 4:01pm
Heres what a little investigation has found:alert</font><font color="#006600">(</font><font color="#CC0000">'hello'</font><font color="#006600">);</font><font color="#0000</font></code>
<hr></pre></blockquote><font face="verdana, arial, helvetica" size="2" ></font></p>
The tag in bold isn't complete for some reason....
Could be bug within the syntax highlighting function within PHP.
Mike Sullivan
Sat 10th Nov '01, 11:01am
Hmm... guess I missed the </blockquote>. In which case, this is the issue:
Because when you don't use valid PHP code, the <font> tag (I believe that's what highlight_string() uses) isn't closed.
Therefore our substr() to remove the ?> at the end removes some incorrect stuff (part of the font tag you bolded)...
John
Mon 12th Nov '01, 10:23pm
Do we have a bug?
I am unsure having read through all that!
John
Raz Meister
Tue 13th Nov '01, 9:03am
Yes, I think so, because when passing the following string to highlight_string():<script language="jscript">alert('hello');</script>It returns the following string:<code><font color="#000000">
<script language="jscript">alert('hello');</script></font>
</code>
Raz Meister
Tue 13th Nov '01, 9:03am
This is valid PHP code:
<SCRIPT LANGUAGE="php"> echo ("Hello World!"); </SCRIPT>
Valid PHP code implemented thorugh the script tags also doesn't give properly formatted output.
<SCRIPT LANGUAGE="php"> echo ("Hello World!"); </SCRIPT>
Valid PHP code implemented thorugh the script tags also doesn't give properly formatted output.
Mike Sullivan
Tue 13th Nov '01, 3:29pm
We found a better way of stripping out the tags, so this should now be fixed. :)
John
Tue 13th Nov '01, 7:08pm
That's better now :)
John
Raz Meister
Tue 13th Nov '01, 7:11pm
Yes it is :)
So.....are these forums running on v2.2.1?
vBulletin® v3.8.0 Beta 4, Copyright ©2000-2008, Jelsoft Enterprises Ltd.