On 2/2/00 5:56 PM, Tres Seaver at tseaver@palladion.com wrote:
Anyone care to comment on Zope's vulnerability here? For instance, the ZGotW site allows submissions in structured text, plain text, and HTML -- but now I am probably going to htmlquote() the last, which kills a lot of the point of it, no?
From my reading, the reality is that it's not a vulnerability in any specific server, but a design flaw in applications built on them. Having said that, it is perhaps desirable for Zope to provide a "cleansing" mechanism that removes tags not allowed (i.e. you give it a list of disallowed, or allowed tags, and it does the "right thing").
So having said that, there's really nothing Zope can do that is not application specific, besides providing some "validation" code that can be called as appropriate. Hopefully people understand this is a design flaw in applications.

Evan mentioned XML-based, but I think that's a bit heavy, unless it's sgmlop based, perhaps? Other ideas? I like the idea of a minimal set of tags (A, B, I, EM, BR, P, UL, OL, LI perhaps?) that are allowed, all else is verboten... any other scheme is a "bad thing" :-)

Chris
--
| Christopher Petrilli
| Python Powered Digital Creations, Inc.
| petrilli@digicool.com http://www.digicool.com
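A minimal version of the "cleansing" mechanism discussed above, written as an added example for this archive page (it is not code from the thread, from Zope or from Digital Creations). It assumes the allowed-tag list suggested in the reply (A, B, I, EM, BR, P, UL, OL, LI), Python 3's html.parser module, and, going beyond what the thread says, that only the href attribute on <a> survives and only with an http, https or mailto scheme; every other tag and attribute is dropped and all text is re-escaped.

```python
from html import escape
from html.parser import HTMLParser

# Allowlist of tags, taken from the suggestion in the thread (assumption: this is
# the complete set an application wants to accept).
ALLOWED_TAGS = {"a", "b", "i", "em", "br", "p", "ul", "ol", "li"}
# Per-tag attribute allowlist (an assumption beyond the thread): only <a href>.
# Event-handler attributes (onclick, onerror, ...) never appear here, so they are
# always dropped.
ALLOWED_ATTRS = {"a": {"href"}}
# href values must start with one of these; blocks javascript:, data:, vbscript: etc.
SAFE_SCHEMES = ("http://", "https://", "mailto:")
VOID_TAGS = {"br"}  # tags with no closing tag


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the input from an allowlist; anything unknown is discarded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open = []  # stack of allowed tags currently open, for well-formed output

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag dropped; its text content still passes through, escaped
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href":
                value = (value or "").strip()
                if not value.lower().startswith(SAFE_SCHEMES):
                    continue  # unsafe or relative URL scheme: drop the attribute
            kept.append((name, value))
        attr_text = "".join(' %s="%s"' % (n, escape(v, quote=True)) for n, v in kept)
        if tag in VOID_TAGS:
            self.out.append("<%s%s />" % (tag, attr_text))
        else:
            self.out.append("<%s%s>" % (tag, attr_text))
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open:
            return  # stray, disallowed or void closing tag
        while self.open:  # close anything left open inside the tag being closed
            t = self.open.pop()
            self.out.append("</%s>" % t)
            if t == tag:
                break

    def handle_data(self, data):
        # Text (including the body of dropped <script>/<style> elements, which the
        # parser hands over as raw data) is always escaped on the way out.
        self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass  # comments dropped

    def handle_decl(self, decl):
        pass  # <!DOCTYPE ...> dropped

    def unknown_decl(self, data):
        pass  # <![CDATA[...]]> and friends dropped

    def handle_pi(self, data):
        pass  # processing instructions dropped


def sanitize(fragment):
    """Return an HTML fragment containing only allowlisted tags and attributes."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    while parser.open:  # close tags the submitter left open
        parser.out.append("</%s>" % parser.open.pop())
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample submissions, not taken from any real site.
    for sample in [
        '<p>Hello <b>world</b></p>',
        '<script>alert(1)</script>',
        '<a href="javascript:alert(1)" onclick="x()">click</a>',
        '<img src=x onerror=alert(1)>',
        '<b>unclosed <i>nested',
    ]:
        print(repr(sample), "->", repr(sanitize(sample)))
```

The attribute step is what a tag-only allowlist misses: an <a> or <b> is harmless as a tag, but an event-handler attribute or a javascript: URL on it still carries script, so each kept tag needs its own attribute list and href needs a scheme check. Disallowed tags are stripped rather than escaped, which keeps the submitter's visible text while removing every element that could execute.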