Antoine Pitrou <pit...@free.fr> added the comment:

> > What is the security issue? text/plain can't execute arbitrary code in your 
> > browser.
> 
> Depending on the browser, it could trigger "funny" control sequences
> (in particular in a text browser running in a terminal). I believe that
> text/plain *can* run arbitrary code.

I don't think that's a serious concern. Anyone wanting to use the bug
tracker's Web UI in a text-mode browser has probably given up long ago.

Also, if a text-mode Web browser renders control sequences without
escaping them, I'd say the browser has a security problem, not the Web
site.

_______________________________________________________
PSF Meta Tracker <metatrac...@psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue381>
_______________________________________________________
_______________________________________________
Tracker-discuss mailing list
Tracker-discuss@python.org
http://mail.python.org/mailman/listinfo/tracker-discuss
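
The escaping that the message above says a text-mode client should perform, as an added example (not part of the original message, and not code from Roundup or from any real browser): a renderer for an untrusted text/plain body that makes terminal control characters visible instead of passing them to the terminal. The function names and the sample body are constructed for illustration.

```python
# Added example: make control characters in untrusted text/plain content
# visible before writing it to a terminal. Names here are hypothetical.

# Controls passed through unchanged. Carriage return is deliberately not
# included, because it can be used to overwrite text already shown on a line.
SAFE_CONTROLS = {"\n", "\t"}


def escape_for_terminal(text: str) -> str:
    """Replace C0 controls, DEL and C1 controls with visible \\xNN escapes."""
    out = []
    for ch in text:
        cp = ord(ch)
        if ch in SAFE_CONTROLS:
            out.append(ch)
        elif cp < 0x20 or cp == 0x7F or 0x80 <= cp <= 0x9F:
            # Covers ESC (0x1b), BEL (0x07) and the 8-bit CSI (0x9b).
            out.append(f"\\x{cp:02x}")
        else:
            out.append(ch)
    return "".join(out)


def decode_and_escape(body: bytes, charset: str = "utf-8") -> str:
    """Decode an attachment body and escape it for terminal display."""
    # backslashreplace keeps undecodable bytes visible rather than dropping them.
    return escape_for_terminal(body.decode(charset, errors="backslashreplace"))


# Constructed sample: a text/plain body carrying a title-setting sequence,
# a clear-screen sequence, and a C1 CSI encoded as UTF-8.
SAMPLE = (
    b"Patch attached.\r\n"
    b"\x1b]0;changed title\x07\x1b[2Jlooks harmless\xc2\x9b31m\n"
)

if __name__ == "__main__":
    print(decode_and_escape(SAMPLE), end="")
```

The output is meant for display only; it does not distinguish a literal backslash sequence in the input from one produced by the escaping.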
