Re: [Zope-dev] New: Cross Site Scripting vulnerability

2001-09-23 Thread Martijn Pieters
> Example:
>
> http://www.zope.org/Documentation/alert(document.domain)
> http://www.zope.org/lalalalalalert(document.domain)
> http://www.zope.org/alert(document.cookie)
>
> For example, an attacker might post a message like
>
> Hello message board. This is a message.
>ma

Re: [Zope-dev] New: Cross Site Scripting vulnerability

2001-09-23 Thread Andy McKay
What does this have to do with Zope? It's down to an individual application.

- Original Message -
From: "ALife" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, September 23, 2001 10:23 AM
Subject: [Zope-dev] New: Cross Site Scripting vulnerability

Re: [Zope-dev] New: Cross Site Scripting vulnerability

2001-09-23 Thread Oliver Bleutgen
Aargh, I sent that first to [EMAIL PROTECTED] ...

>> Hello message board. This is a message.
>>malicious code
>> This is the end of my message.
> I don't really see your point other than a carelessly implemented app may
> expose these kind of vulnerabilities. Pyt

Re: [Zope-dev] New: Cross Site Scripting vulnerability

2001-09-23 Thread Chris Withers
> Hello message board. This is a message.
>malicious code
> This is the end of my message.

I don't really see your point other than a carelessly implemented app may expose these kind of vulnerabilities. Python (and hence Zope) has a library for stripping out this s

[Zope-dev] New: Cross Site Scripting vulnerability

2001-09-23 Thread ALife
Example:

http://www.zope.org/Documentation/alert(document.domain)
http://www.zope.org/lalalalalalert(document.domain)
http://www.zope.org/alert(document.cookie)

For example, an attacker might post a message like

Hello message board. This is a message.
malicious code