[Zope-Checkins] CVS: Zope/doc - CHANGES.txt:1.535.2.163
Tres Seaver
tseaver at zope.com
Thu Jan 8 16:13:32 EST 2004
Update of /cvs-repository/Zope/doc
In directory cvs.zope.org:/tmp/cvs-serv7712/doc
Modified Files:
Tag: Zope-2_6-branch
CHANGES.txt
Log Message:
- Browsers that do not escape html in query strings such as
Internet Explorer 5.5 could potentially send a script tag in a
query string to the ZSearch interface for cross-site scripting.
See Collector #813 for other XSS-related rationale.
=== Zope/doc/CHANGES.txt 1.535.2.162 => 1.535.2.163 ===
--- Zope/doc/CHANGES.txt:1.535.2.162 Thu Jan 8 16:07:03 2004
+++ Zope/doc/CHANGES.txt Thu Jan 8 16:13:00 2004
@@ -8,6 +8,10 @@
Bugs Fixed
+ - Browsers that do not escape html in query strings such as
+ Internet Explorer 5.5 could potentially send a script tag in a
+ query string to the ZSearch interface for cross-site scripting.
+
- FilteredSets (used within TopicIndex) are defined via an expression,
which was naievely eval'ed.
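Review bot: the added "Bugs Fixed" entry describes the exposure but never says what was changed, so a reader of CHANGES.txt cannot tell what the fix was or whether their own ZSearch-generated pages need regenerating. Suggest adding one clause stating the remedy and citing Collector #813, which the log message references but the entry omits. The wording also attributes the problem to "Browsers that do not escape html in query strings". Since a server cannot rely on client-side escaping, the entry would be more accurate if it named the ZSearch interface as the component that was corrected.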