[ZPT] Re: [Zope-Annce] TAL Hotfix 2004-07-14 for Zope 2.7.0, 2.7.1
Chris Withers
chris at simplistix.co.uk
Thu Jul 22 05:16:42 EDT 2004
Fred Drake wrote:
> On Wednesday 21 July 2004 12:01 pm, Chris Withers wrote:
> > Ah, okay, so it adds the opposite of the structure keyword to the
> > i18n:name substitution?
>
> Right; this makes the "text" keyword work, and be the default (which is what
> it's supposed to be).
What's the "text" keyword?
> > If so, what devious exploits did people think up that necessitated a
> > hotfix for this?
>
> We've come up with potential exploits, but don't know that they've been
> observed "in the wild". Given that people have been having trouble with the
> hotfix in some situations, I'd rather not provide details at this time.
If you could provide me details in private I'd be very greatful, as I
can't think of any way to exploit this that doesn't require other
methods of exploit to already be available...
> > Also, if you WANT to put HTML in the substituted bit (like a <b> tag or
> > some other such horribleness) then how would you go about doing it?
>
> Then use the "structure" keyword as you normally would; that works just fine.
Can you give me an example? I don't follow...
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the ZPT
mailing list