[Zope-Checkins] CVS: Zope/lib/python/Products/SiteAccess/doc - vhosting.html:1.1.214.1
Tres Seaver
tseaver at zope.com
Thu Jan 8 16:13:40 EST 2004
Update of /cvs-repository/Zope/lib/python/Products/SiteAccess/doc
In directory cvs.zope.org:/tmp/cvs-serv7712/lib/python/Products/SiteAccess/doc
Modified Files:
Tag: Zope-2_6-branch
vhosting.html
Log Message:
- Browsers that do not escape html in query strings such as
Internet Explorer 5.5 could potentially send a script tag in a
query string to the ZSearch interface for cross-site scripting.
See Collector #813 for other XSS-related rationale.
=== Zope/lib/python/Products/SiteAccess/doc/vhosting.html 1.1 => 1.1.214.1 ===
--- Zope/lib/python/Products/SiteAccess/doc/vhosting.html:1.1 Wed Jan 3 14:16:52 2001
+++ Zope/lib/python/Products/SiteAccess/doc/vhosting.html Thu Jan 8 16:13:09 2004
@@ -52,7 +52,7 @@
if you are rewriting hotsite as described above, then a standard DTML snippet
such as
<pre>
-<a href="<dtml-var URL>/hottopics">
+<a href="&dtml-URL;/hottopics">
</pre>
in object '/hotsite/forum' will generate
<pre>
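Review bot: The "+" line switches the example to the entity form "&dtml-URL;", but the surrounding documentation text still introduces it only as "a standard DTML snippet" and never says why the entity form is used instead of "<dtml-var URL>". Since this file is documentation that readers copy from, add a sentence before the <pre> explaining that the entity syntax HTML-quotes the inserted value, which is what matters when the value lands inside an href attribute. The log message also describes only the ZSearch query-string case; a line noting that the SiteAccess doc example was updated for the same reason (Collector #813) would make this hunk easier to trace later.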