[Zope-Checkins] CVS: Zope/lib/python/Shared/DC/Scripts/dtml - scriptTry.dtml:1.1.212.1
Tres Seaver
tseaver at zope.com
Thu Jan 8 16:13:42 EST 2004
Update of /cvs-repository/Zope/lib/python/Shared/DC/Scripts/dtml
In directory cvs.zope.org:/tmp/cvs-serv7712/lib/python/Shared/DC/Scripts/dtml
Modified Files:
Tag: Zope-2_6-branch
scriptTry.dtml
Log Message:
- Browsers that do not escape html in query strings such as
Internet Explorer 5.5 could potentially send a script tag in a
query string to the ZSearch interface for cross-site scripting.
See Collector #813 for other XSS-related rationale.
=== Zope/lib/python/Shared/DC/Scripts/dtml/scriptTry.dtml 1.1 => 1.1.212.1 ===
--- Zope/lib/python/Shared/DC/Scripts/dtml/scriptTry.dtml:1.1 Tue Jan 9 16:48:47 2001
+++ Zope/lib/python/Shared/DC/Scripts/dtml/scriptTry.dtml Thu Jan 8 16:13:12 2004
@@ -32,7 +32,7 @@
</td>
</tr>
<dtml-else>
- <dtml-raise type="Redirect">&dtml-URL1;</dtml-raise>
+ <dtml-raise type="Redirect"><dtml-var URL1></dtml-raise>
</dtml-in>
<tr>
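Review bot: The log message does not match what is visible at the changed `<dtml-raise type="Redirect">` line. It describes unescaped HTML in query strings sent to the ZSearch interface, while this hunk is in scriptTry.dtml and swaps `&dtml-URL1;` for `<dtml-var URL1>` with no `html_quote` attribute, so nothing in the hunk shows where escaping is applied. Please state in the log message why the Redirect target is emitted through a plain `dtml-var`, for example that the value is a redirect target rather than page markup, or add explicit quoting if the value is meant to be escaped here. A comment next to the `dtml-raise` saying which form is intended would keep a later edit from switching it back.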