On Wed, May 20, 2015 at 8:16 PM, Andy Goth <andrew.m.g...@gmail.com> wrote:

> On 5/20/2015 12:56 PM, Stephan Beal wrote:
> > Of what kind?
> >
> > (please excuse brevity - left hand is currently bandaged)
>
> The linked article gives examples.  Repeating:
>
> http://wonko.com/post/html-escaping


i would need to be shown a viable "attack" on fossil before believing it.
Sure, someone could try it, but i'm not convinced that there is an attack
which could negatively affect the repo (only, at most, the malicious user's
ability to use it). Comparing php-based code (as that article does) to
Fossil's internal string-generation code is an apples/oranges comparison.

i of course cannot rule out that such attacks theoretically exist, but
would have to be shown one to believe it.

-- 
----- stephan beal
http://wanderinghorse.net/home/stephan/
http://gplus.to/sgbeal
"Freedom is sloppy. But since tyranny's the only guaranteed byproduct of
those who insist on a perfect world, freedom will have to do." -- Bigby Wolf
_______________________________________________
fossil-dev mailing list
fossil-dev@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev
