Joey Hess wrote: > Damyan Ivanov wrote: >> This seems acceptable to me. You follow a link to the German >> translation of the web site and the site keeps that preference unless >> you tell it otherwise (or ignore cookies). > > Lot of scope here for things like posts to Planet Debian > containing "broken" <img> tags that change everyone's website > language to Esperanto.
In which case, the practical effect is just a minor annoyance, and the person responsible gets kicked out. > Only way to fully avoid such mischief is to use a POSTed form with > an XSS prevention token. Or set the cookie with javascript. But if you want to consider all the cases, then you should also think of subdomains of debian.org setting a lang cookie for .debian.org, etc. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
