Forum OpenACS Q&A: Is Form able to be included in ETP Page?

Collapse
1: Is Form able to be included in ETP Page?
Posted by David Ghost on 04/28/04 02:16 PM
My ETP instance is allowed to accept any kind of HTML tags incluing <FORM..>.
However it does not display any form...just blank.
What's wrong?
Collapse
2: Re: Is Form able to be included in ETP Page? (response to 1)
Posted by Jade Rubick on 04/28/04 08:40 PM
Gil-Hwan:

I've run into exactly the same problem, and never found out why. I'd love to know, however.

What I suspect is that it's run through some sort of security filter, and that strips out the FORM  HTML. It's weird that it does that, I think. I think it should either show you an error when you try to enter the HTML, or something. But the HTML just silently disappears..

Collapse
3: Re: Is Form able to be included in ETP Page? (response to 2)
Posted by David Ghost on 04/30/04 09:16 AM
Thanks Jade,

Your comment soothe my pain to an extend.
By the way I'm a real novice to this environment
So I'm still waiting someone else's help who knows the answer.
Jade, How about you? I found your name so often here and there.

Collapse
4: Re: Is Form able to be included in ETP Page? (response to 1)
Posted by Torben Brosten on 04/30/04 11:02 AM
Quick thought...

Wouldn't adding a form tag break the function of a form that edits an etp page?

Maybe a substitute tag could be used that gets regsub'd to the form tag when etp displays the page?

Collapse
5: Re: Is Form able to be included in ETP Page? (response to 4)
Posted by David Ghost on 04/30/04 12:31 PM
Thanks Torben,

But could you provide me with a sample code?
I don't understand you...Sorry

Collapse
6: Re: Is Form able to be included in ETP Page? (response to 4)
Posted by Jade Rubick on 04/30/04 07:04 PM
Torben: allowing a form tag wouldn't harm anything, because when it's edited, it's text, and when it's displayed, there's no form to interfere with.

If I have time today, I'll look into this.

Collapse
7: Re: Is Form able to be included in ETP Page? (response to 1)
Posted by Jade Rubick on 04/30/04 07:57 PM
Gil-Hwan:

I think I've found why this is happening. Bear with me. I'm going to explain it in technical terms, so if it's confusing, just skip over the technical part.

ETP calls a proc called util_close_html_tags to make sure that the HTML people type in is legitimate. One of the side effects of this proc is that it REMOVES all FORM tags. That's actually the only tag it removes.

The only reason I can think of for doing this is security. It can be a security problem to allow people to post FORMs in your website.

However, if you're willing to take that risk, you could edit

packages/acs-tcl/tcl/text-html-procs.tcl

and change this line:

set syn(FORM) discard

to

set syn(FORM) close

I think that should work.

Collapse
8: Re: Is Form able to be included in ETP Page? (response to 1)
Posted by Torben Brosten on 05/02/04 01:41 AM
"allowing a form tag wouldn't harm anything, because when it's edited, it's text, and when it's displayed, there's no form to interfere with"

..subject to browser interpretation.

ETP page revisioning may be useful in some cases. ;)

cheers,
Torben

Collapse
9: Re: Is Form able to be included in ETP Page? (response to 7)
Posted by David Ghost on 05/03/04 10:17 AM
Thanks Jade,

Magically it works fine.