(resend - sorry if you see a duplicate)

On Thursday 24 October 2002 12:06 am, Florent Guillaume wrote:

> Removed most <dtml-var> to replace them with &dtml-foo;.
> This corrects a number of potential XSS holes

I assume that the XSS holes are the old dtml-var tags which didnt have 
html_quote?

Or am I missing something?




_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to