[Grok-dev] zope has auto-escaping by default of variables to
protect against XSS attacks
Sebastian Ware
sebastian at urbantalk.se
Thu Nov 15 03:16:19 EST 2007
Well, why don't we start something like "feature of the week" where
someone writes about a feature of Grok and it is posted on a (the new
grok website?) blog and sent to a list of news websites. This stuff
really doesn't have to be that long. It just needs to be interesting/
fun reading. We could call it "ME GROK LIKE feature of the week", and
that could be our PR-tool.
Best regards, Sebastian
On 15 Nov 2007, at 02:31, Martijn Faassen wrote:
> Hi there,
>
> I was just highly amused to read this headline as #3 on
> programming.reddit.com:
>
> Just checked in to Django trunk: auto-escaping of all variables in
> templates, to protect against XSS attacks by default
>
> It links to here:
>
> http://www.djangoproject.com/documentation/templates/#automatic-html-escaping
>
> Of course the Django developers didn't make this the "news"
> themselves, but it's still funny that people apparently consider
> this as news worth mentioning. It just landed on the *trunk*, it
> isn't even released yet. Zope has been doing this for a while. A
> long while. The Zope community (ZC in particular, I think) was
> actually one of the first to do something about it, in the year 2000.
>