Bullet-Proofing II
For the second in my series of “How-To” articles on MovableType, I’ll continue on the theme of bullet-proofing against the inclusion of invalid content. Aside from the content you, yourself, write, there’s stuff other people write that gets included in your blog. Even if you trust yourself to produce valid markup, you can’t necessarily trust others to do the same. Hence the need for bullet-proofing.
Last week, we dealt with comments posted to your blog. In this case, the answer was pretty. Since you call the shots, all you have to do is run the comment through the Validator and ask the poster to correct the errors before allowing them to post the comment to your blog. Since Alexei Kosut was kind enough to wrap the W3C Validator Script as a MovableType plugin, the job of setting this up was much-simplified.
Next on the list are Trackbacks and Syndicated RSS Feeds. Since these are, by definition, stuff written elsewhere, you don’t have any control over the content. If it’s invalid, you can’t ask the author to correct it; you just have to deal. Consequently, our solution will be more ham-handed.
Let’s look at the snippet of template code for listing a Trackback on my blog (before any bullet-proofing)
<div class="trackback" id="p<$MTPingID$>"> Read the post <a href="<$MTPingURL$>" target="new"><$MTPingTitle$></a><br /> <b>Weblog:</b> <$MTPingBlogName$><br /> <b>Excerpt:</b> <$MTPingExcerpt$><br /> <b>Tracked:</b> <$MTPingDate$></div>
Of the various <$MTPing*$> tags in the above code snippet, the ones supplied by the person who sent the Trackback are
Let’s start with the last item. What evil stuff might the <$MTPingPingExcerpt$> contain? You name it: invalid HTML markup, unescaped entities (eg, &) and control characters.
“Control characters?” you say, “Who would insert control characters in their blog?” Well, if you copied and pasted the previous sentence from your browser window into the composition window of your blog and posted it, depending on what OS you are using, you probably did just that. The trouble is the way non-ascii characters (like the curly quotes above) are handled by your OS. If you want to do it right, do a “View Source” on this page and copy from there. Needless to say, most people don’t do it right, and control characters in blogs are as common as dirt.
<$MTPingURL$> could very well contain unescaped &s, and you never know what people will put in the title of their posts.
So, what to do?
MovableType provides global filters to strip HTML, encode entities, and last week, I wrote a plugin to strip control characters. The mt-safe-href plugin takes care of escaping &s in URLs. You can use it to to protect your own content with constructions like <$MTEntryBody safe_urls="1"$>, or here to protect just a single URL.
Let’s change the above code to
<div class="trackback" id="p<$MTPingID$>"> Read the post <a href="<$MTPingURL safe_url="1"$>" target="new"><$MTPingTitle strip_controlchars="1" remove_html="1" encode_html="1" $></a><br /> <b>Weblog:</b> <$MTPingBlogName$><br /> <b>Excerpt:</b> <$MTPingExcerpt strip_controlchars="1" remove_html="1" encode_html="1" $><br /> <b>Tracked:</b> <$MTPingDate$></div>
Voila! Bullet-proofed.
Well, … erm … I didn’t do anything to bullet-proof the Blog Name. I haven’t seen an invalid one yet. I’m kinda curious to see whether any exist. A more cautious sort would bullet-proof that one too.
A similar story with the Syndicated RSS Feeds in my Blogroll. The mt-rssfeed plugin provides the tags
<$MTRSSFeedItemLink$> <$MTRSSFeedItemTitle$> <$MTRSSFeedItemDescription$>
These need to be replaced by
<$MTRSSFeedItemLink safe_url="1"$> <$MTRSSFeedItemTitle strip_controlchars="1" remove_html="1" encode_html="1"$> <$MTRSSFeedItemDescription strip_controlchars="1" remove_html="1" encode_html="1"$>
Similar techniques should take care of other included content you might have.
That leaves only your own content to validate. Guess that will have to wait for another post.
Update (5/13/2003): I just installed Adam Kalsey’s Technorati plugin. This is another brilliant example of how invalid HTML on other people’s blogs — served up via the Technorati API — can mess with an XML parser (in this case, the one used by Adam’s plugin). I found the plugin practically unusable until I applied this patch, which escapes ampersands. Not a complete bullet-proofing job, but good enough.
Update (5/14/2003): The fix is in.
Update (9/13/2003): Well, it finally happened! I got a trackback with an invalid <$MTPingBlogName$>. I’m afraid, dear readers, that you need to bulletproof that one too.
Update (4/10/2004): I’ve released a new version of the MTStripControlChars plugin, with somewhat more sophisticated behavior.
Update (6/10/2004): Actually, with very recent version of Perl, there is a problem with the technique explained above. With previous version of Perl, the global filters would be executed in a predicable order. Not so any longer! If you have an MT tag with multiple filters applied to it, they will execute in a random order. If those filters “conflict” in some way, you will get random problems when you rebuild your pages. Sometimes it will work right, sometimes it won’t. To fix this, we need to enforce a certain order of execution of the filters. In particular, we want the strip_controlchars filter to execute before the encode_html filter. To do this, we use the MTBlock plugin. For instance, we want to write
<b>Excerpt:</b> <MTBlock encode_html="1"><$MTPingExcerpt remove_html="1" strip_controlchars="2"$></MTBlock><br />
in the third line of above code snippet (and similarly for other occurences of strip_controlchars and encode_html).
Update (2/20/2005):
With my new, “internationalized” trackback setup, bulletproofing trackbacks is a bit easier. Escaping is handled internally, so all we need to do in the templates is<div class="trackback" id="p<$MTPingID$>"> Read the post <a href="<$MTPingURL safe_url="1"$>" target="new"><$MTPingTitle remove_html="1" strip_controlchars="2"$></a><br /> <b>Weblog:</b> <$MTPingBlogName remove_html="1" strip_controlchars="2"$><br /> <b>Excerpt:</b> <$MTPingExcerpt remove_html="1" strip_controlchars="2"$><br /> <b>Tracked:</b> <$MTPingDate$></div>
Re: Bullet-Proofing II
Private Fund Management - asset management
is an international investment company specializing in asset management services. During its long history, it has achieved and occupied a stable position in the financial market and won the confidence of numerous investors from all over the world.
Asset management
Asset management comprises the management of the client’s funds conducted on the basis of the contract signed by the investor and the management company. An investor transfers his or her powers to the management company, which chooses a professional and effective investment strategy based on the client’s aims and financial capability.
The traders react to any fluctuations on the financial market by immediately correcting the investment strategy in order to achieve and maintain high profit levels for an investor.
Asset management for our clients
• The reliability of cooperation with a professional investment company.
• No restrictions concerning the sum of the initial investment.
• Guaranteed profit rate acquired at specified periods of time.
• All decisions concerning the management of the acquired profits are made by the investor himself.
• The management company works hard to increase the investor’s income since the size of the brokerage received by it depends on the profit acquired by the client.
Does this investment method suit you?
Business development
The main reason for investing money into something is the formation of an additional source of passive income. If a client chooses the right way of investing money, he or she will be able to enjoy a certain degree of freedom in the development of his or her main business. Having a predetermined regular income, you will be able to expand the influence of your company at the market, invest the acquired profits into the development of new solutions and products, and define the prospective growth taking into consideration the peculiar features of your own stabilization fund.
Personal aims
By transferring a part of your funds to an asset management company, you will be able to figure out how you are going to use the acquired additional income for your own purposes. This sum used to be just a kind of stabilizer, but now you will be able to spend more money on recreation and unplanned purchases without increasing the size of the supply subtracted from your regular income.
Increasing the assets
By increasing the amount of funds transferred to an asset management company by means of acquired profits you will be increasing your own capital. At the same time the money doesn’t just get accumulated – it keeps on working for you. Consequently, the larger is the invested sum, the more profit you get from it.
The advantages of transferring free funds into asset management
The ability to build up your own investment business.
Freedom in the process of designing more ambitious development strategies.
Guaranteed stability and substantial amount of profits.
Additional funds that can be used in the realization of one’s personal aims.
Capital growth and steady increase of the active income.
The advantages that we offer
Individual approach and absolutely straight dealing with our clients. We strive towards close long-term business relationships that are able to bring mutual profits to our clients, partners, and ourselves. Guided by the willingness to achieve our common goals, we pay maximum attention to each of our investors. We value long-term relationships with our investors much higher than one-time transactions – that’s why we keep on doing our best to give maximum confidence to our clients and ensure the perfect performance of our liabilities.
Reliability. We minimize the risks taken by our clients by means of investment diversification and the utilizations of a specific investment strategy. All the investments that we manage get insured at the conditions that guarantee fullest protection of our clients’ interests.
Blameless reputation. During our history we have signed a lot of profitable contracts. Long years of successful operation at the international market have resulted in the establishment of our company’s blameless reputation based on the professional operation of our staff as well as the highest quality of the provided services.
Safe Investment Management Conception. Our work is based upon the principles; the effectiveness of which has been tested and proven in practice.
• Objective valuation of expectations.
• Detailed reports about the achieved results.
• Scrupulous risk management.
• Full correspondence of our activity to the current legislation.
• The willingness to find an appropriate solution for every particular problem.
• Creative approach towards the problems experienced by our clients.
• Aiming at the establishment of long-term business relationships with our clients.
The clients working with Private Fund Management should be fully confident of the reliability and the potential profitability of their investment. Our employees will help you choose the most convenient and well-paying investment option for you after picking up the appropriate investment strategy and investment portfolio.
Investment portfolios
While choosing the appropriate investment means one will always have to look for the happy medium between two indices: profitability and possible risks. These indices are in direct relation to each other - the bigger is the potential profit, the bigger is the potential risk. It has to be noted that the concept of risk is getting less and less relevant these days since within the past seven years of our operation at the financial market none of our clients have ever received profits lower than those agreed upon during the process of signing the contract. We offer solutions able to help each of our customers to choose the investment means that is the most profitable for him or her in particular.
What is an investment portfolio?
An investment portfolio is the combination of assets that you invest your money into. The process of building up an investment portfolio is based upon the process of choosing securities. The main reason for creating a portfolio is pretty simple – if done correctly, it will allow you to supply your set of securities with such investment features (profitability and risk) that cannot be achieved by purchasing only stocks or bonds, for instance. Combination is the only key to creating a good investment portfolio.
Peculiar features of different investment portfolios
All investment portfolios are built up in accordance with one of the following strategies:
• The strategy aimed at the aggressive capital growth stimulation with high level of risk. Potential annual profitability of this strategy can be estimated at about 35%. This strategy is based upon the utilization of tools with a high level of risk: shares, futures, and options.
• The strategy aimed at low-risk investment and intended for steady capital growth (about 22% annually). Stocks can serve as an example of low-risk investment tools.
By combining high- and low-risk approaches in different proportions, the experts of Private Fund Management develop investment portfolios based on the requirements set by different clients.