After many hours thinking about the problem, I have decided to revert my
last change as the problem is unsolvable (flexibility vs security). And
I also think that we can trust symfony plugin developers. I mean,
submitting a plugin is not an easy task to get it right, so I think the
safeguard is strong enough. If not, well, I will have to kick some asses.
Fabien
--
Fabien Potencier
Sensio CEO - symfony lead developer
sensiolabs.com | symfony-project.org | fabien.potencier.org
Tél: +33 1 40 99 80 80
On 7/13/10 2:43 PM, Tom Boutell wrote:
Can anything be done to fix the situation with Symfony plugin READMEs
no longer allowing entity escapes or outgoing links? It's a huge
readability problem on the site. Was there an XSS attack of some kind?
Is it a spam issue (which might be solved with nofollow links)? Can I
roll up my sleeves and help code a fix? I'm very willing to put my
time where my mouth is on this one. Even though Apostrophe has its own
documentation site, I have many other plugins that do not, and of
course most other plugins do not.
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
