On Thu, 2002-10-24 at 09:33, Toby Dickenson wrote:
> > Removed most <dtml-var> to replace them with &dtml-foo;.
> > This corrects a number of potential XSS holes
> 
> I assume that the XSS holes are the old dtml-var tags which didn't have 
> html_quote?

Yes.


Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  http://nuxeo.com  mailto:fg@;nuxeo.com


_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )
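
As an added example (not code from this thread or from Zope itself), a small audit script for the pattern discussed above: it lists `<dtml-var>` tags that lack `html_quote` and proposes the `&dtml-foo;` entity form for plain names. The `TRUSTED` allowlist and the sample template are assumptions constructed for illustration.

```python
import re

# A whole <dtml-var ...> tag; quoted attribute values may contain '>'.
DTML_VAR = re.compile(r'<dtml-var\b((?:"[^"]*"|[^>"])*)>', re.IGNORECASE)
# Tag whose only argument is a plain variable name: foo or name="foo".
SIMPLE = re.compile(r'^\s*(?:name="([A-Za-z_]\w*)"|([A-Za-z_]\w*))\s*$')
# Assumption: names that deliberately emit markup and must stay unquoted.
TRUSTED = {"standard_html_header", "standard_html_footer"}


def audit(template, trusted=TRUSTED):
    """Return (line_no, tag, suggestion) for each dtml-var lacking html_quote."""
    findings = []
    for m in DTML_VAR.finditer(template):
        attrs = m.group(1)
        # Blank out quoted values so "html_quote" inside an expr is ignored.
        bare = re.sub(r'"[^"]*"', '""', attrs)
        if re.search(r'\bhtml_quote\b', bare, re.IGNORECASE):
            continue
        simple = SIMPLE.match(attrs)
        name = (simple.group(1) or simple.group(2)) if simple else None
        if name in trusted:
            continue
        line_no = template.count("\n", 0, m.start()) + 1
        if name:
            suggestion = "&dtml-%s;" % name  # entity form is HTML-quoted
        else:
            suggestion = m.group(0)[:-1].rstrip() + " html_quote>"
        findings.append((line_no, m.group(0), suggestion))
    return findings


# Constructed sample template, not taken from the commit under discussion.
SAMPLE = """<dtml-var standard_html_header>
<h1><dtml-var title></h1>
<p><dtml-var expr="REQUEST.get('q', '')"></p>
<p><dtml-var description html_quote></p>
<p><dtml-var expr="a > b and 'html_quote'"></p>
<dtml-var standard_html_footer>"""

if __name__ == "__main__":
    for line_no, tag, fix in audit(SAMPLE):
        print("line %d: %s  ->  %s" % (line_no, tag, fix))
```

Treat the findings as review candidates: variables that intentionally render markup must stay unquoted, which is why the allowlist exists.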
