[ZPT] Re: [Zope-Annce] TAL Hotfix 2004-07-14 for Zope 2.7.0, 2.7.1
Chris Withers
chris at simplistix.co.uk
Wed Jul 21 12:01:33 EDT 2004
Fred Drake wrote:
> <span i18n:translate="">
> Some text
> <i18n:field name="foo" tal:replace="request/something"/>
> more text
> </span>
>
> The message id is "Some text ${foo} more text", but the substitution for
> ${foo} needs to be quoted, since it comes from an untrusted source. That's
> what this hotfix adds.
Ah, okay, so it adds the opposite of the structure keyword to the i18n:name
substitution?
If so, what devious exploits did people think up that necessitated a hotfix for
this?
Also, if you WANT to put HTML in the substituted bit (like a <b> tag or some
other such horribleness) then how would you go about doing it?
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
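
The substitution Fred describes, as an added example that is not part of the original thread and is not Zope's own code: a message id is translated first, then each `${name}` placeholder is filled with an HTML-escaped value. The `interpolate` function, its `quote` flag, the catalog and the sample input are all hypothetical names and data constructed for illustration.

```python
import re
from html import escape

# Placeholder syntax assumed from the "${foo}" form quoted in the thread.
_PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")

# Constructed catalog: message id -> translated text (trusted, from the translator).
CATALOG = {
    "Some text ${foo} more text": "Etwas Text ${foo} mehr Text",
}

# Constructed value standing in for the untrusted request/something.
UNTRUSTED = "<script>alert(1)</script>"


def interpolate(msgid, mapping, quote=True, catalog=CATALOG):
    """Translate msgid, then fill in ${name} placeholders from mapping.

    quote=True HTML-escapes each substituted value, which is the behaviour
    the hotfix is described as adding. quote=False models the earlier,
    unquoted substitution. Only the values are escaped, so markup that the
    template or translation itself contains is left alone.
    """
    text = catalog.get(msgid, msgid)

    def fill(match):
        name = match.group(1)
        if name not in mapping:
            return match.group(0)  # unknown placeholder stays visible
        value = str(mapping[name])
        return escape(value, quote=True) if quote else value

    # re.sub makes a single pass, so a value that itself contains "${bar}"
    # is emitted as text and never expanded a second time.
    return _PLACEHOLDER.sub(fill, text)


if __name__ == "__main__":
    msgid = "Some text ${foo} more text"
    print("unquoted:", interpolate(msgid, {"foo": UNTRUSTED}, quote=False))
    print("quoted:  ", interpolate(msgid, {"foo": UNTRUSTED}))
```
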