Re: [Zope-Checkins] efge-death-to-dtml-var-branch
24 Oct 2002, 7:33 a.m.
(resend - sorry if you see a duplicate)
On Thursday 24 October 2002 12:06 am, Florent Guillaume wrote:
> Removed most <dtml-var> to replace them with &dtml-foo;. This corrects a number of potential XSS holes
I assume that the XSS holes are the old dtml-var tags which didn't have html_quote? Or am I missing something?
24 Oct, 2:43 p.m.
New subject: [Zope-dev] Re: [Zope-Checkins] efge-death-to-dtml-var-branch
On Thu, 2002-10-24 at 09:33, Toby Dickenson wrote:
> > Removed most <dtml-var> to replace them with &dtml-foo;. This corrects a number of potential XSS holes
> I assume that the XSS holes are the old dtml-var tags which didn't have html_quote?
Yes.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com
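Added example, not part of the original thread or of Zope's own code: a small Python audit that flags `<dtml-var>` tags lacking `html_quote`, the pattern the thread identifies as the XSS risk, and suggests the `&dtml-foo;` entity form as the replacement. The `audit` function, its regexes and the sample template are constructed for illustration.

```python
import re

# A <dtml-var ...> tag; quoted strings are consumed whole so that a '>'
# inside an expression such as "a > b" does not end the tag early.
VAR_TAG = re.compile(r'<dtml-var\s+((?:"[^"]*"|[^>"])*)>', re.IGNORECASE)
QUOTED = re.compile(r'"[^"]*"')
# A plain variable reference: a bare name, or name="foo", and nothing else.
SIMPLE_NAME = re.compile(r'^(?:name\s*=\s*"([A-Za-z_]\w*)"|([A-Za-z_]\w*))$')

# Constructed sample template (not taken from the Zope source tree).
SAMPLE = '''\
<h2><dtml-var title></h2>
<p>Owner: <dtml-var name="owner"></p>
<p><dtml-var description html_quote></p>
<p><dtml-var "REQUEST.get('q', '')"></p>
<p>&dtml-id;</p>
'''

def audit(source):
    """Return (line number, tag, suggested replacement) for every
    <dtml-var> tag that is rendered without html_quote."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for match in VAR_TAG.finditer(line):
            body = match.group(1).strip()
            # Look for the attribute outside quoted strings only, so an
            # expression that merely mentions "html_quote" is not trusted.
            attrs = QUOTED.sub('""', body)
            if re.search(r'\bhtml_quote\b', attrs, re.IGNORECASE):
                continue
            simple = SIMPLE_NAME.match(body)
            if simple:
                # The entity form html-quotes the value when rendering.
                name = simple.group(1) or simple.group(2)
                fix = f"&dtml-{name};"
            else:
                # Expressions and tags with other attributes keep tag form.
                fix = f"<dtml-var {body} html_quote>"
            findings.append((lineno, match.group(0), fix))
    return findings

if __name__ == "__main__":
    # Tags that intentionally emit markup still need manual review.
    for lineno, tag, fix in audit(SAMPLE):
        print(f"line {lineno}: {tag}  ->  {fix}")
```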