On Tuesday, Oct 28, 2003, at 11:14 Europe/Rome, Nicola Ken Barozzi wrote:
Stefano Mazzocchi wrote:
On Monday, Oct 27, 2003, at 15:35 Europe/Rome, Robert Koberg wrote:
Absolutely. This wasn't mentioned, but planned. I will do relaxng validation before allowing any xml data into the system. This should be enough for documentation.
nah, dude, look: doco has a very precise editing access point. You can
*ONLY* modify xml content. So, changes to .htaccess, CGI scripts,
servlet upload, sql injection, cross-site-scripting, and your next
favorite attack will NOT work because the system prevents it by design
[not saying it cannot happen, but if it does it's a bug, not a faulty
design]
FWIW, I agree. Perhaps the submit goes to a well-formedness check (or even
better?, schema/dtd validation). If it fails, it doesn't even enter the
approval process.
Forrest also uses other files as source formats: cwiki (wiki), ihtml (cleaned html), ehtml (passthrough html), txt (text files)
Linotype will generate XHTML only and this is what Forrest will have to process.
Nah, it would just fail and log the failure. No need to spam further since it might well be a bug in the editing software ;-) [I have experienced a few of them as well]
Perhaps a notification email is sent describing that an invalid submittal was sent.
Damn, forgot about this!
The user is returned an error page saying the post was rejected, in case it was just a mistake.
On another note, can images/PDFs/other-binaries be uploaded?
My suggestion would be to process the binary file and determine if it's an image or not.
If not, reject it right away. [there should be *NO* need to upload any other binary file ]
For uploads of binary resources, we can limit them to the ones we want to cater for as forrest content as images. For the other types of things that are to be rendered as "raw", like PDFs, tarballs, javadocs, etc, we will have to use the same method we use now.
No. File upload will be limited to images for now. Too risky to allow anything else.
-- Stefano.
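The two gates discussed in this thread (reject XML that is not well-formed before it reaches approval, and reject any binary that is not an image), as an added sketch that is not code from Linotype, Forrest, or any poster here. The size limit, the allow-listed image types, and the `gate`/`kind` names are assumptions; schema validation is left out.

```python
import struct
import xml.parsers.expat
import zlib

MAX_UPLOAD = 2 * 1024 * 1024  # assumed size limit, not from the thread
# Assumed allow-list: leading bytes of the image types accepted.
IMAGE_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
               b"GIF87a": "gif", b"GIF89a": "gif"}

def png_header_ok(data):
    """A PNG's first chunk must be a 13-byte IHDR whose CRC matches."""
    if len(data) < 33:
        return False
    length, ctype = struct.unpack(">I4s", data[8:16])
    (crc,) = struct.unpack(">I", data[29:33])
    return length == 13 and ctype == b"IHDR" and zlib.crc32(data[12:29]) == crc

def sniff_image(data):
    """Return the image type judged from content alone, or None."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind if kind != "png" or png_header_ok(data) else None
    return None

def xml_well_formed(data):
    """True if expat parses the document to the end without error."""
    parser = xml.parsers.expat.ParserCreate()
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError:
        return False
    return True

def gate(kind, data):
    """kind is 'xml' or 'binary' (hypothetical labels). Returns (ok, reason)."""
    if len(data) > MAX_UPLOAD:
        return False, "too large"
    if kind == "xml":
        ok = xml_well_formed(data)
        return ok, "well-formed" if ok else "not well-formed"
    image = sniff_image(data)
    return (True, image) if image else (False, "not an image")

def make_png_header():
    """Constructed sample: signature plus a valid 1x1 IHDR chunk."""
    body = b"IHDR" + struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + body
            + struct.pack(">I", zlib.crc32(body)))
```

The decision uses file content only, never the client-supplied name or MIME type. For JPEG and GIF this sketch checks only the leading bytes, so a stricter gate would fully decode and re-encode the image before storing it.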