Joey Hess wrote:

> Damyan Ivanov wrote:
>> This seems acceptable to me. You follow a link to the German
>> translation of the web site and the site keeps that preference unless
>> you tell it otherwise (or ignore cookies).
> 
> Lot of scope here for things like posts to Planet Debian
> containing "broken" <img> tags that change everyone's website
> language to Esperanto.

In which case, the practical effect is just a minor annoyance, and the 
person responsible gets kicked out.

> Only way to fully avoid such mischief is to use a POSTed form with
> an XSS prevention token.

Or set the cookie with javascript.

But if you want to consider all the cases, then you should also think of 
subdomains of debian.org setting a lang cookie for .debian.org, etc.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]

Reply via email to