[Zope-CMF] Undo interface
Chris Withers
chrisw@nipltd.com
Tue, 26 Jun 2001 12:55:59 +0100
Shane Hathaway wrote:
>
> Chris Withers wrote:
> >
> > Shane Hathaway wrote:
> > >
> > > I think there would be security implications in what you propose. I could
> > > be wrong.
> >
> > What would they be?
>
> - Putting HTML or JavaScript in the transaction description.

I wouldn't suggest allowing that, just allowing you to put your own short
comment in, in plain text:
'This was copied to that' or 'This document edited' rather than the terse URL
form of normal transaction comments.

> - Putting too much data in the notes.

Can you expand on this?

> - Clearing or replacing the note after cracking something.

Hmmm... you mean giving a hacker the ability to replace the note after they've
cracked something? Can they not do this already?
I agree it's at a bit more of an exposed level if we let CMF developers change
it...

> But these can all be dealt with. Now what's the priority (since the
> main problem, where strange notes were added unnecessarily, has already
> been fixed)?

Not high, but would certainly give the CMF a more polished feel.

cheers,
Chris
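
The three concerns raised in this thread (markup in the note, too much data, and replacing a note after the fact) can be handled in one place. The sketch below is an added example, not part of the original message and not CMF or Zope code; `clean_note`, `NoteLog` and the 200-character cap are assumptions made for illustration.

```python
import html
import unicodedata

MAX_NOTE_LEN = 200  # assumed cap; the thread names no figure

# Unicode categories dropped from notes: control, format (bidi overrides),
# line separator, paragraph separator.
_STRIP = ("Cc", "Cf", "Zl", "Zp")


def clean_note(text, max_len=MAX_NOTE_LEN):
    """Reduce a user-supplied comment to one short line of plain text."""
    text = "".join(" " if unicodedata.category(c) in _STRIP else c for c in text)
    text = " ".join(text.split())  # collapse runs of whitespace
    if not text:
        raise ValueError("empty note")
    if len(text) > max_len:
        # Reject rather than truncate, so the stored note is what the user typed.
        raise ValueError("note longer than %d characters" % max_len)
    return text


class NoteLog:
    """Hypothetical stand-in for a transaction description.

    The system-generated note is fixed at creation and user notes can only
    be appended; there is deliberately no method to clear or replace one.
    """

    def __init__(self, system_note):
        self._lines = [system_note]

    def add_user_note(self, text):
        self._lines.append(clean_note(text))

    def description(self):
        # Stored form: raw plain text, one note per line.
        return "\n".join(self._lines)

    def render_html(self):
        # Escape at output time, so markup in a note is shown, never interpreted.
        return "<br>".join(html.escape(line) for line in self._lines)


if __name__ == "__main__":
    log = NoteLog("/site/doc/manage_edit")  # constructed sample path
    log.add_user_note("This document\r\nedited <script>x</script>")
    print(log.description())
    print(log.render_html())
```

Escaping happens in `render_html` rather than at storage time, so the same stored note stays correct for non-HTML consumers of the undo log.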