On May 17, 2007, at 5:35 PM, Christoph Zwerschke wrote:
> > Just noticed that I cannot include HTML tags or HTML entities in a > flash() note (they are printed literally), and even flash(kid.XML > (...)) > does not work, since the flash note is stored as text in a cookie. > > If somebody had the same problem, the solution is to replace > py:content="tg_flash" with py:content="XML(tg_flash)" in master.kid. I wonder if it would be a good idea to make it a default... Hmm, could this open the door to XSS attacks? (I guess probably not since the attacker would need to hijack the cookie, modify it, and then make the attacked browser use it... but you never know...) > > I wanted to add this to the docu but found that flash() wasn't even > documented anywhere :-( or did I overlook something? Feel free to start a "flash" page :) Alberto --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
