On 2016-07-27 at 20:59:14 -0400, David Mertens wrote:
> I know nothing about PDL's web pages. The most recent work I know of on
> them was back in 2013, when Joel Berger was trying to port things over to
> github. At the time, Joel had produced an interesting XSS testing example
> using the documentation from a particular Acme module:
> 
> http://pdlporters.github.com/?docs=Acme::XSS
> 
> To the best of my knowledge, that's not what we use for serving
> pdl.perl.org.
> 
> That's the extent of my knowledge of the problem, which I guess is to say,
> nil. :-/

I would recommend switching to Joel's work since it uses much more
modern Web techniques and makes use of MetaCPAN for rendering. The
current code is rather old and to make it run under a PHP7 install, I
had to make some changes.

In the interim, I have fixed the vulnerability with this merge request
<https://sourceforge.net/p/pdl/pdl-www/merge-requests/1/>.

Cheers,
- Zaki Mughal

> 
> David

------------------------------------------------------------------------------
_______________________________________________
pdl-devel mailing list
pdl-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/pdl-devel
