[Zope-Checkins] CVS: Zope/lib/python/Products/PluginIndexes/TextIndex/dtml - manage_vocab.dtml:1.5.12.1

Tres Seaver tseaver at zope.com
Thu Jan 8 16:13:38 EST 2004 

Update of /cvs-repository/Zope/lib/python/Products/PluginIndexes/TextIndex/dtml
In directory cvs.zope.org:/tmp/cvs-serv7712/lib/python/Products/PluginIndexes/TextIndex/dtml

Modified Files:
      Tag: Zope-2_6-branch
	manage_vocab.dtml 
Log Message:


   - Browsers that do not escape html in query strings such as 
     Internet Explorer 5.5 could potentially send a script tag in a 
     query string to the ZSearch interface for cross-site scripting.
     See Collector #813 for other XSS-related rationale.


=== Zope/lib/python/Products/PluginIndexes/TextIndex/dtml/manage_vocab.dtml 1.5 => 1.5.12.1 ===
--- Zope/lib/python/Products/PluginIndexes/TextIndex/dtml/manage_vocab.dtml:1.5	Mon May 20 14:55:44 2002
+++ Zope/lib/python/Products/PluginIndexes/TextIndex/dtml/manage_vocab.dtml	Thu Jan  8 16:13:07 2004
@@ -41,14 +41,14 @@
 
 <dtml-in words previous size=20 start=query_start >
   <span class="list-nav">
-  <a href="<dtml-var URL>?query_start=<dtml-var previous-sequence-start-number>">
+  <a href="&dtml-URL;?query_start=&dtml-previous-sequence-start-number;">
     [Previous <dtml-var previous-sequence-size> entries]
   </a>
   </span>
 </dtml-in>
 <dtml-in words next size=20 start=query_start >
   <span class="list-nav">
-  <a href="<dtml-var URL>?query_start=<dtml-var next-sequence-start-number>">
+  <a href="&dtml-URL;?query_start=&dtml-next-sequence-start-number;">
     [Next <dtml-var next-sequence-size> entries]
   </a>
   </span>
@@ -84,7 +84,7 @@
 
 <dtml-in words previous size=20 start=query_start >
   <div class="list-nav">
-  <a href="<dtml-var URL>?query_start=<dtml-var previous-sequence-start-number>">
+  <a href="&dtml-URL;?query_start=&dtml-previous-sequence-start-number;">
     [Previous <dtml-var previous-sequence-size> entries]
   </a>
   </div>
@@ -92,7 +92,7 @@
 
 <dtml-in words next size=20 start=query_start >
   <div class="list-nav">
-  <a href="<dtml-var URL>?query_start=<dtml-var next-sequence-start-number>">
+  <a href="&dtml-URL;?query_start=&dtml-next-sequence-start-number;">
     [Next <dtml-var next-sequence-size> entries]
   </a>
   </div>

More information about the Zope-Checkins mailing list