On Thursday 08 Aug 2002 9:29 pm, Martijn Pieters wrote:
On Thu, Aug 08, 2002 at 08:19:12PM +0100, Toby Dickenson wrote:
I am about to land some big changes in the way DTML deals with data
taken from the REQUEST object when accessed implicitly, in both the
Zope Trunk and the Zope 2.5
__record_schema__ is simply a dictionary which maps field names to column
positions (ints) so that the record knows the index of each field in the
record tuples.
See line 154 of Catalog.py to see how it is initialized to the Metadata schema
plus a few extra columns for catalog rid and scores.
On Fri, Aug 09, 2002 at 09:56:45AM +0100, Toby Dickenson wrote:
The risk for breakage is very small really
Your choice of '' and html_quote suggests that my dtml code which generates
javascript and vbscript carries a higher risk than dtml which generates html.
Only if you generated that
On Friday 09 Aug 2002 3:12 pm, Martijn Pieters wrote:
On Fri, Aug 09, 2002 at 09:56:45AM +0100, Toby Dickenson wrote:
The risk for breakage is very small really
Your choice of '' and html_quote suggests that my dtml code which
generates javascript and vbscript carries a higher risk than
On Fri, 2002-08-09 at 10:43, Toby Dickenson wrote:
On Friday 09 Aug 2002 3:12 pm, Martijn Pieters wrote:
On Fri, Aug 09, 2002 at 09:56:45AM +0100, Toby Dickenson wrote:
The risk for breakage is very small really
Your choice of '' and html_quote suggests that my dtml code which
While using the DCOracle2 module outside of Zope I receive the following
traceback:
Traceback (most recent call last):
File /dev/fd/4, line 206, in ?
File /dev/fd/4, line 206, in ?
File ./modules/Calendar.py, line 193, in dayGroupView
reservation = Reservation(conflict)
File
Tres Seaver wrote:
Without the fix, virtually every Zope site in the world is vulnerable
to URL-based cross-site scripting exploits. For instance, any URL which
contains invalid form variable marshalling can generate an error page
which includes the erroneous value, unquoted. E.g.:
On 8/9/02 8:43 AM, Toby Dickenson [EMAIL PROTECTED]
wrote:
I agree it is true in most cases, but not all. Have you analysed how many
applications will be broken by this? How they can detect the breakage? I
certainly will not have time to assess the implications on my applications
before the