This has been public since January, so I don't think we should make it invisible now: https://bugs.launchpad.net/zope3/+bug/98471 This can be used for phishing and reports say that those kinds of problems are actively used by phishers (e.g. using Google or Yahoo redirect URLS.) I've increased priority and marked it security relevant. Christian