[ZPT] Re: [Zope-Annce] TAL Hotfix 2004-07-14 for Zope 2.7.0, 2.7.1
Chris Withers
chris at simplistix.co.uk
Mon Jul 19 02:41:55 EDT 2004
Dieter Maurer wrote:
> I read it above: the interpolated translation has not been
> HTML/XML quoted. "Interpolated translation" means "values substituted
> in slots of translated elements" (whatever that may be in detail).
So, just to check, this hotfix was released because someone might provide a
msgstr that might contain illegal HTML, and that might get through unquoted, and
that's IT?!
In that case, just checking, as far as I know, PTS is the only source of these
messages for Zope, and PTS relies on gettext.py from the python distribution.
gettext.py does a python exec, that's right, an EXEC!!, of each message in the
message catalog and someone is worried about unquoted html?!
That seems to be like offering someone a kevlar vest when they're already lying
bleeding in the street...
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the ZPT
mailing list