I sent that first to [EMAIL PROTECTED] ...
>> Hello message board. This is a message.
>> <SCRIPT>malicious code</SCRIPT>
>> This is the end of my message.
> I don't really see your point other than a carelessly implemented app may
> expose these kinds of vulnerabilities. Python (and hence Zope) has a
> for stripping out this sort of malicious HTML.
> Search for Strip-o-Gram or Squishdot on Zope.org for examples of how this
> can be used.
You're right, but this example
executes the script. I don't exactly see why/where but I feel
this really shouldn't happen. As I see it, it's more a problem
of Zope's standard_error page, which constructs links to the
classic Zope site. I don't see a Zope-specific bug here, either.
Zope-Dev maillist - [EMAIL PROTECTED]
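The two defences discussed in this thread, stripping markup on input and encoding it when an error page is built, shown side by side as an added example; it is not code from the thread, from Zope, or from Strip-o-Gram. The page template, function names and sample post are constructed for illustration, using only the Python standard library.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the message-board post quoted in the thread.
POST = ("Hello message board. This is a message.\n"
        "<SCRIPT>malicious code</SCRIPT>\n"
        "This is the end of my message.")

# Hypothetical error-page template (not Zope's standard_error).
TEMPLATE = "<html><body><h2>Site Error</h2><p>%s</p></body></html>"

def error_page_unsafe(detail):
    """'Before': untrusted text is interpolated into the page verbatim."""
    return TEMPLATE % detail

def error_page_escaped(detail):
    """Hardened: encode at output so markup in the text renders as text."""
    return TEMPLATE % html.escape(detail, quote=True)

class _TextOnly(HTMLParser):
    """Keeps text nodes; drops every tag and the bodies of script/style."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def strip_markup(text):
    """Input-side stripping: return the text content only."""
    parser = _TextOnly()
    parser.feed(text)
    parser.close()
    return "".join(parser.parts)

def render_post(text):
    """Strip first, then still escape: the parser decodes entities, so
    stripped text can contain '<' again and must be treated as untrusted."""
    return error_page_escaped(strip_markup(text))

if __name__ == "__main__":
    print(error_page_unsafe(POST))   # script element reaches the browser
    print(render_post(POST))         # plain text only
```

Stripping changes what is stored, while escaping protects every page that later prints the value, including error pages that echo request data; `render_post` applies both because the stripped text is still untrusted.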