[Zope] Securing Zope and Special URLs
Dieter Maurer
dieter at handshake.de
Sat Sep 13 07:15:09 EDT 2003
Dylan Reinhardt wrote at 2003-9-10 17:41 -0700:
> On Wed, 2003-09-10 at 16:46, Roy Rapoport wrote:
> > Jamie Heilman wrote:
> > [Zope Security is an oxymoron]
> > > 3) Never use DTML.
> >
> > Why?
> ...
> For my money, TAL provides almost no major advantage
> over DTML except that it breaks before you get into trouble using it for
> too much logic.
It does automatic HTML quoting on dynamic content (unless you use
"structure") and therefore provides more protection against
cross scripting attacks.
Dieter
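
The quoting behaviour described in the reply above, as an added example that is not part of the original message and is not Zope's own code. It is a simplified Python model: the two regex-based renderers, the `UNTRUSTED` sample and all helper names are assumptions made for illustration, and only the `<dtml-var ...>`, `html_quote` and `tal:content="structure ..."` syntax comes from Zope.

```python
import html
import re

# Constructed sample: untrusted input, e.g. a comment field from a form.
UNTRUSTED = "<script>alert(1)</script>"

# Model of <dtml-var name [html_quote]>: inserted raw unless html_quote is set.
DTML_VAR = re.compile(r"<dtml-var\s+(\w+)(\s+html_quote)?\s*>")
# Model of <tag tal:content="[structure] name">: quoted unless "structure".
TAL_CONTENT = re.compile(
    r'<(\w+)\s+tal:content="(structure\s+)?(\w+)"\s*>.*?</\1>', re.S)


def render_dtml(template, namespace):
    def substitute(match):
        value = str(namespace[match.group(1)])
        return html.escape(value) if match.group(2) else value
    return DTML_VAR.sub(substitute, template)


def render_tal(template, namespace):
    def substitute(match):
        tag, structure, name = match.groups()
        value = str(namespace[name])
        body = value if structure else html.escape(value)
        return f"<{tag}>{body}</{tag}>"
    return TAL_CONTENT.sub(substitute, template)


def render_all(value=UNTRUSTED):
    """Render the same value through each template form."""
    ns = {"comment": value}
    return {
        "dtml default": render_dtml("<p><dtml-var comment></p>", ns),
        "dtml html_quote": render_dtml("<p><dtml-var comment html_quote></p>", ns),
        "tal default": render_tal('<p tal:content="comment">x</p>', ns),
        "tal structure": render_tal('<p tal:content="structure comment">x</p>', ns),
    }


def reaches_output_as_markup(rendered):
    """True if the untrusted value survived as a tag rather than as text."""
    return "<script>" in rendered


if __name__ == "__main__":
    for form, out in render_all().items():
        print(f"{form:16} markup={reaches_output_as_markup(out)}  {out}")
```

In a template review, the forms that need a second look are a `dtml-var` without `html_quote` and any TAL expression prefixed with `structure`.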