25 Sep 2001, 5:57 p.m.
On Sun, 2001-09-23 at 15:17, Oliver Bleutgen wrote:
Hello message board. This is a message. <SCRIPT>malicious code</SCRIPT> This is the end of my message.
I don't really see your point other than a carelessly implemented app may expose these kinds of vulnerabilities. Python (and hence Zope) has a library for stripping out this sort of malicious HTML.
Search for Strip-o-Gram or Squishdot on Zope.org for examples of how this can be used.
umm Chris,
you're right, but this example
http://www.zope.org/Documentation/<SCRIPT>alert(document.domain)</SCRIPT>
executes the script. I don't exactly see why/where but I feel
Perhaps it is a browser thing? It isn't being executed by Galeon.

Bill
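The two cases raised in this thread, as an added example that is not part of the original messages and is not Strip-o-Gram's or Zope's code: stripping markup from a posted message, and escaping a requested path before it is written into a page. It assumes the page echoes the path into its HTML (the thread does not say where the reflection happens); `sanitize_post`, `render_not_found` and the tag allowlist are hypothetical names chosen for illustration.

```python
import html
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}  # assumed allowlist
DROP_WITH_CONTENT = {"script", "style"}               # remove tag and body

class PostSanitizer(HTMLParser):
    """Keep allowlisted tags (attributes discarded), drop script/style
    together with their contents, drop every other tag, escape all text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag names, so <SCRIPT> arrives as "script".
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            self.out.append(f"<{tag}>")  # attributes such as onmouseover are not copied

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # An unclosed <script> leaves skip_depth > 0, so the rest is dropped.
        if not self.skip_depth:
            self.out.append(html.escape(data))

def sanitize_post(text):
    """Return message-board text that is safe to place in an HTML body."""
    parser = PostSanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out)

def render_not_found(path):
    """Hypothetical error page: the requested path is escaped on output."""
    return f"<p>Resource not found: {html.escape(path, quote=True)}</p>"

if __name__ == "__main__":
    # Inputs taken from the messages above.
    print(sanitize_post("Hello message board. This is a message. "
                        "<SCRIPT>malicious code</SCRIPT> This is the end of my message."))
    print(render_not_found("/Documentation/<SCRIPT>alert(document.domain)</SCRIPT>"))
```

Escaping on output in `render_not_found` does not depend on how a particular browser parses the URL, which is the variable Bill's Galeon observation points at.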