[ZPT] Re: [Zope-Annce] TAL Hotfix 2004-07-14 for Zope 2.7.0, 2.7.1
Chris Withers
chris at simplistix.co.uk
Fri Jul 16 03:38:27 EDT 2004
Hi Fred,
Fred Drake wrote:
> This hotfix product fixes a security bug in Page Templates. This fix
> ensures that values substituted in named slots in translated elements
> are properly encoded. If encoding is not desired and the source of
> the replacement text is trusted, the "structure" modifier can be used
> with the tal:content or tal:replace attribute to explicitly disable
> encoding.
"Hotfix" implies a security issue. Can you explain what that issue is?
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the ZPT
mailing list