[Feature Request]: Encoding keyword replacements

Update to Matrix’s asset keyword replacement functionality:


It would be beneficial to update Matrix’s asset keyword replacement functionality so that it can escape/encode the keyword replacement string. The following are three examples that would be extremely helpfull:

1. XML
   
   The following characters are escaped:
   
   ampersand (&) => (&)
   
   apostrophe (') =>(')
   
   greater than (>) =>(>)
   
   less than (<) => (&lt;)
   
   quote (") => (&quote;)
   
   
   
   This will mean that we do not need to use the ‘<![CDATA[‘ and ‘]]>’ character sequences which only work for text fields. It does not work in attributes. Please note that ampersand replacement is implemented first.
   
   
   
2. JavaScript
   
   The following characters are escaped:
   
   apostrophe (') => (\')
   
   
   
   This will mean that Matrix can serve content as a JavaScript pull.
   
   
   
3. SQL
   
   The following character is escaped:
   
   apostrophe (') =>(''),
   
   
   
   This will mean that Matrix can serve content as SQL statements.
   
   
   
   Two functions in fudge/general/text.inc will need to be changed:
   
   
   
   function replace_keywords($text, &$replacements)
   
   
   
   Which actually does the replacement
   
   
   
   function retrieve_keywords_replacements($text, $additional='')
   
   
   
   Which returns a list of valid keywords.
   
   
   
   
   
   
   
   Suggested Implementation:
   
   
   
   Use three characters to indicate that escape sequence is need
   
   XML => ampersand (&)
   
   Javascript => backslash (\)
   
   SQL => apostrophe (')
   
   
   
   Examples of use :-
   
   
   
   %asset_name% You'll never walk alone
   
   %&asset_name% You&apos;ll never walk alone
   
   %\asset_name% You\'ll never walk alone
   
   %'asset_name% You'';ll never walk alone
   
   
   
   This will maintain compatibility with the current implementation.

(For future reference, all feature requests should be submitted on our Bug Tracker at http://bugs.matrix.squiz.ne)


What you’re saying, is:



If the name of the asset is You’ll never walk alone – then:



%asset_name% is replaced by You’ll never walk alone

%&asset_name% is replaced by You&apos;ll never walk alone

%\asset_name% is replaced by You\‘ll never walk alone

%‘asset_name% is replaced by You’’;ll never walk alone



Correct?

Sorry if this is the wrong place to post. However, the Senior Development team informed me via email to post here.


You are correct in what you are saying. With the exception of the last example. My appologies but there should not be a ; in the replacement string:



%'asset_name% is replaced by You'';ll never walk alone



should have been



%'asset_name% is replaced by You''ll never walk alone

[quote]Sorry if this is the wrong place to post. However, the Senior Development team informed me via email to post here.
[right][post=“10227”]<{POST_SNAPBACK}>[/post][/right][/quote]



That’s not a problem. I’ll just go and beat the developers with a nerf bat or something.

Avi, this discussion should take place here because the keyword system is used everywhere in matrix. Proposed changes are steering the architecture in a particular direction which we need to discuss and agree on. Once we choose this route for escaping keywords it'll be hard to change so we need to be sure before we commit.


All developers are invited to think about this feature and participate.



Bug tracker is either for small concrete features or something that has been crystalised into a feature after a discussion in the forums or elsewhere. Bug tracker is not for debates.

Okedokey.

When validating XHTML strict, the validation will pass on &, but will generate warnings. I think the idea of introducing some escaping to the keyword sounds like a great idea.