(resend - sorry if you see a duplicate)

On Thursday 24 October 2002 12:06 am, Florent Guillaume wrote:
> Removed most <dtml-var> to replace them with &dtml-foo;.
> This corrects a number of potential XSS holes

I assume that the XSS holes are the old dtml-var tags which didn't have html_quote? Or am I missing something?

_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )