|Do you know where your variables are?|
Re: Adding content blocks to a static websiteby moritz (Cardinal)
|on Sep 06, 2011 at 09:42 UTC||Need Help??|
Another approach is to use server side includes. Instead of a <!-- PLACE CONTENT BELOW --> marker, you use <!--#include virtual="/your/newsfile.html" --> and place all the new content in $documentroot/your/newsfile.html. See the Apache SSI HowTo for more information.
That way the user just has to edit and upload one file.
If you'd rather stick with the placeholder approach, I'd recommend to either not do an in-place edit (create a modfiied copy), or mark both the start and end of the edit section.
For validation, HTML::StripScripts has a pretty good reputation (though I haven't used it myself).
What else should I be aware of?
Security. As always.
If you stick to the editing approach, you should be aware that it relies on uploading the whole HTML file. That means the user is able to replace it fully if he is malicious (maybe by extracting the server credentials from your script). It depends on your usage scenario if this is anactual problem.