how to avoid w3c markup validation to use server redirection via url checking

Time:12-25

I found the W3C validator very useful for testing the final markup of a current page.

I have a link for each of my pages, like this:

https://validator.w3.org/nu/?showsource=yes&doc=https://example.com/index.php

It works, but the problem is if I have something like this:

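<?php
// Redirect visitors without an admin session; exit so no page markup is sent after the header
if (!isset($_SESSION['admin'])) { header('Location: login.php'); exit; }
?>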

and the final markup for testing is in fact the markup of login.php and not index.php, regardless of whether the session is set or not.

Is there a way to avoid this redirection?

It seems there is a POST option instead of GET, and I hope it works without redirection, but I can't understand how to implement it.

Please help.

CodePudding user response:

The session will never be set because the Validator is not going to have logged into your site.

The simple and safe way to validate your HTML would be to:

  • View > Source
  • Copy/Paste (possibly via a text editor to remove any private data) into the Validator

The more complex way would be to write a means to bypass the session checking logic and always return the admin page. (E.g. a query string combined with a server-side configuration check). Then give a URL that triggers that bypass logic to the Validator. And to only ever turn that code on (via said configuration check) on a staging server that doesn’t have production data on it (otherwise you’ve introduced a big security hole).

Another, similar, approach would be to make the bypass based on the IP address the request comes from and then allow access to the Validator’s IP address. Since you don’t want attackers to be able to read your admin pages by submitting their URLs to the validator you should only do this for the IP address of an instance of the validator installed on your LAN (and restricted so non-admins who have access to your LAN can’t use it).
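
The staging-only bypass described in the answer above, sketched in PHP as an added example that is not part of the original answer; it combines the query-string token, the server-side configuration check and the validator IP restriction in one gate. The names APP_ENV, VALIDATOR_BYPASS_TOKEN, VALIDATOR_IP, the "validate" query parameter and both function names are assumptions made for this sketch.

```php
<?php
// Added example, not from the answer. APP_ENV, VALIDATOR_BYPASS_TOKEN,
// VALIDATOR_IP and the "validate" query parameter are hypothetical names.

function validator_bypass_allowed(array $config, array $query, string $remoteIp): bool
{
    // Server-side configuration check: the bypass exists only on staging.
    if (($config['APP_ENV'] ?? 'production') !== 'staging') {
        return false;
    }
    // The bypass must be switched on explicitly by configuring a long secret
    // (the 32-character minimum is an assumption of this sketch).
    $secret = $config['VALIDATOR_BYPASS_TOKEN'] ?? '';
    if (!is_string($secret) || strlen($secret) < 32) {
        return false;
    }
    // Only the validator instance installed on the LAN may use it.
    if (($config['VALIDATOR_IP'] ?? '') !== $remoteIp) {
        return false;
    }
    // Query-string token, compared in constant time.
    $given = $query['validate'] ?? '';
    return is_string($given) && hash_equals($secret, $given);
}

// Returns null when the admin page may be rendered, otherwise the redirect target.
function admin_gate(array $session, array $config, array $query, string $remoteIp): ?string
{
    if (isset($session['admin']) || validator_bypass_allowed($config, $query, $remoteIp)) {
        return null;
    }
    return 'login.php';
}

// Constructed sample inputs: token, addresses and config values are made up.
$token   = str_repeat('k', 40);
$staging = ['APP_ENV' => 'staging', 'VALIDATOR_BYPASS_TOKEN' => $token, 'VALIDATOR_IP' => '10.0.0.5'];
$prod    = ['APP_ENV' => 'production'] + $staging;
$cases = [
    'staging, LAN validator, valid token' => [[], $staging, ['validate' => $token], '10.0.0.5'],
    'staging, valid token, other client'  => [[], $staging, ['validate' => $token], '10.0.0.9'],
    'staging, LAN validator, wrong token' => [[], $staging, ['validate' => 'guess'], '10.0.0.5'],
    'production, same URL and client'     => [[], $prod, ['validate' => $token], '10.0.0.5'],
    'logged-in admin, no token'           => [['admin' => 1], $prod, [], '203.0.113.7'],
];
foreach ($cases as $label => $args) {
    $target = admin_gate(...$args);
    echo $label, ': ', $target === null ? 'render admin page' : "redirect to $target", PHP_EOL;
}
```

On a real page the gate would be called with $_SESSION, the loaded configuration, $_GET and $_SERVER['REMOTE_ADDR'], sending the Location header and exiting when a target is returned. Behind a reverse proxy REMOTE_ADDR is the proxy's address, so the IP check only means something when the validator reaches the staging server directly.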

CodePudding user response:

If you have a Location: header, with the appropriate redirect status code, ideally you won't send any HTML at all. It won't be seen and is a waste of bandwidth. In fact, you'll find that the browser will follow the redirect before bothering to try rendering the HTML.

Therefore, there should be nothing to validate!

Also note that your browser's developer tools can do HTML validation warnings for you. So, if you need to do testing of logged-in pages, you can check right in your browser without going out to the W3C validator.
