Yes please. I would be happy to help if help is needed to address whatever injection problem is behind this concern. It's interesting because Fabien is not just calling strip_tags; that wouldn't remove entities.

On Sun, Jul 4, 2010 at 3:36 PM, Christian Schaefer <[email protected]> wrote:
>
> *bump* ?
>
> On 29 Jun., 14:31, Tom Boutell <[email protected]> wrote:
>> Hoo boy is this a mess. We need to be able to at least type < > & (:
>>
>> On Tue, Jun 29, 2010 at 3:43 AM, Christian Schaefer <[email protected]> wrote:
>>
>> > I just opened a ticket about the API documentation which also appears
>> > to be broken. This might correlate?
>> > http://trac.symfony-project.org/ticket/8809
>>
>> > On Jun 25, 3:56 am, weaverryan <[email protected]> wrote:
>> >> Yes, all of README files now have garbled php code in their README's
>> >> (http://www.symfony-project.org/plugins/sfDoctrineGuardPlugin).
>> >>
>> >> Is there now a different way that code blocks should be specified? Can
>> >> we turn off the escaping inside pre tags?
>> >>
>> >> Thanks
>> >>
>> >> On Jun 24, 1:55 pm, Bicou <[email protected]> wrote:
>> >>
>> >> > I think it's related, in php code blocks, the > is escaped : $this->article = $this->getRoute()->getObject();
>> >>
>> >> > On Jun 24, 11:12 am, Christian Schaefer <[email protected]> wrote:
>> >>
>> >> > > Oh and it doesn't explain that some of the images are not shown, does
>> >> > > it?
>> >>
>> >> > > On Jun 24, 10:59 am, Christian Schaefer <[email protected]> wrote:
>> >>
>> >> > > > ah, understood. a pity though for simple things like anchors.. Is
>> >> > > > there a chance you allow some selected tags?
>> >>
>> >> > > > On Jun 24, 10:56 am, Fabien Potencier <fabien.potenc...@symfony-project.com> wrote:
>> >> > > > > On 6/24/10 10:37 AM, Christian Schaefer wrote:
>> >>
>> >> > > > > > Hi all,
>> >>
>> >> > > > > > have a look at
>> >> > > > > > http://www.symfony-project.org/plugins/sfImageTransformExtraPlugin/1_...
>> >> > > > > > It seems totally broken as most images are not shown and all
>> >> > > > > > anchors are escaped. Yet the same markdown in the dingus works
>> >> > > > > > just fine.
>> >>
>> >> > > > > > Can anyone have a look at this please?
>> >>
>> >> > > > > That's because for security reasons, I disabled the possibility
>> >> > > > > to embed HTML in the Markdown.
>> >>
>> >> > > > > Fabien
>> >>
>> >> > > > > > Cheers
>> >> > > > > > /Christian
>>
>> > --
>> > If you want to report a vulnerability issue on symfony, please send it to
>> > security at symfony-project.com
>> >
>> > You received this message because you are subscribed to the Google
>> > Groups "symfony developers" group.
>> > To post to this group, send email to [email protected]
>> > To unsubscribe from this group, send email to
>> > [email protected]
>> > For more options, visit this group at
>> > http://groups.google.com/group/symfony-devs?hl=en
>>
>> --
>> Tom Boutell
>> P'unk Avenue
>> 215 755 1330
>> punkave.com
>> window.punkave.com

--
Tom Boutell
P'unk Avenue
215 755 1330
punkave.com
window.punkave.com
