[Zope] Two issues for Z2.2: XHTML & malicious tags

Alexander Limi alexander@limi.net
Fri, 2 Jun 2000 18:50:46 +0200


Zopistas,

I have two issues that I think should be rectified before the 2.2 release. I
am not very up to date on the goings-on in the list, but a quick search gave
me little information on the following:

1. The HTML that Zope outputs is not very standards-compliant (XHTML 1.0) at
the moment. Tags like <img /> are rendered as <IMG> etc. I would like to
contribute to the cleanup work, but I am a relative newcomer to CVS. How can
I participate? Do I just check out the relevant files, modify them and then
get somebody that is authorized to review the files and put them back in the
CVS?

I am not a guru when it comes to Python, but I know enough to not mess up
things along the way :)

And just to clarify: I'm not talking about a rewrite of the Zope management
console here, that will work fine until the Mozilla version comes along - I
merely want to make sure that tags are lowercase and terminated, so pages
produced by Zope stand a chance when passing through the W3C validator. I
always write compliant code when I have the chance, but when using Zope this
is impossible, as the tags that are inserted invalidate the page anyway.

So, who do I bribe to have a shot at the CVS? :)

2. Malicious HTML tags - is anything being done here? Filtering of these is
one of the features Zope 2.2 really shouldn't go without. Most Zope sites
have user interaction in some way, and the concept of a post containing a
stray </html>, or even worse - script-tags, destroying a page is totally
unacceptable IMHO. I'd just like to query what the status is on this, as I
think it is one of the most overlooked areas that are lacking in Zope.

I know Evan Simpson (malicious tags) and Christopher Petrilli (HTML quality
of Zope) have been talking about this earlier, any comments?

I'm really looking forward to Zope 2.2, the alpha release looks good so far.
You guys rock :)

Regards,


Alexander Limi.
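
An added example, not part of the original message and not Zope's own code: one way to filter user-posted HTML as point 2 asks, while emitting the lowercase, terminated tags point 1 asks for. It uses only the Python 3 standard library; the allowlist policy and the names `PostSanitizer` and `sanitize_post` are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: a few formatting tags, no attributes at all.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}
VOID_TAGS = {"br"}


class PostSanitizer(HTMLParser):
    """Re-emit allowlisted tags lowercase and terminated; escape all else."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []  # allowlisted tags that still need closing

    def handle_starttag(self, tag, attrs):
        # HTMLParser hands us the tag name already lowercased.
        if tag in VOID_TAGS:
            self.out.append("<%s />" % tag)
        elif tag in ALLOWED_TAGS:
            self.out.append("<%s>" % tag)  # attributes are dropped
            self.open_tags.append(tag)
        else:
            self.out.append(escape("<%s>" % tag))  # shown as text, inert

    def handle_endtag(self, tag):
        if tag in self.open_tags:
            # Close anything nested inside it too, so output stays balanced.
            while True:
                closed = self.open_tags.pop()
                self.out.append("</%s>" % closed)
                if closed == tag:
                    break
        elif tag not in VOID_TAGS:
            self.out.append(escape("</%s>" % tag))  # e.g. a stray </html>

    def handle_data(self, data):
        self.out.append(escape(data))


def sanitize_post(text):
    """Return post text with only allowlisted markup left active."""
    parser = PostSanitizer()
    parser.feed(text)
    parser.close()
    parser.out.extend("</%s>" % t for t in reversed(parser.open_tags))
    return "".join(parser.out)
```

Because the policy is an allowlist, any tag not named in `ALLOWED_TAGS` comes out as visible text instead of markup, and comments and declarations are dropped.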