In article <[EMAIL PROTECTED]> you write:
> - Cross-scripting issues:
> I guess that some of those are still in the Zope Management Interface 
> (which is not meant to be used by untrusted users in most cases), but 
> Zope offers a lot of tools to make sure that it is hard to post 
> malicious code in forums, attack Zope via URLs etc.

I've worked hard to remove all those in the DTML code. I've not audited
the rest of the Python code that generates HTML directly (code that
should be taken out and shot), but I think there are patches for those
in the collector.


Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  mailto:[EMAIL PROTECTED]

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **