HTML draft - clarification of quoted string processing

Bryan Cheung (cheung@eplrx7.es.dupont.com)
Fri, 3 Dec 93 10:48:17 EST

I may just be blind, but I don't see a place in the HTML spec which
describes what is supposed to happen to special characters inside quoted
strings. Consider an HTML statement such as:

<form method=post action="/htbin-post/banner hello > foobar">
...form goes here
</form>

My question relates to how the i/o redirection character (or any special
character) is to be treated when used within quotes inside of a standard
HTML directive. Should special characters be completely protected when
quoted inside of a directive?? Does it make sense to specify that escapes
such as &gt; be used within quoted strings? Where should this go in the
spec? (I looked for it, and can't find it - please point me there if I
missed it.

On a related note, the above question was generated by some strange
behavior I discovered in the following abuse of NCSA httpd, and X Mosaic:

HTML file:
===========================================================
<pre>
<inc srv "|echo Backslash escapes:">
<inc srv "| echo greater than: \>">
<inc srv "| echo less than: \<">
<inc srv "|echo HTML amper/semi escapes:">
<inc srv "| echo greater than: &gt;">
<inc srv "| echo less than: &lt;">
</pre>
===========================================================

Source received by X Mosaic:
===========================================================
<pre>
Backslash escapes:

greater than:
">
less than: <
HTML amper/semi escapes:

greater than:

less than:

</pre>
===========================================================

A few questions:

1) Why are extra newlines generated after each <inc srv "|blah">
directive?

2) Why doesn't \> work when \< seems to.

3) Does this happen only to me?

I am using XMosaic 2.0 and httpd 1.0a5 under AIX 3.2.4.

-- Bryan Cheung
cheung@eplrx7.es.dupont.com