[Zope-Checkins] CVS: Zope/lib/python/Shared/DC/Scripts/dtml - scriptBindings.dtml:1.2

Florent Guillaume fg@nuxeo.com
Sun, 22 Dec 2002 12:54:40 -0500


Update of /cvs-repository/Zope/lib/python/Shared/DC/Scripts/dtml
In directory cvs.zope.org:/tmp/cvs-serv14380/lib/python/Shared/DC/Scripts/dtml

Modified Files:
	scriptBindings.dtml 
Log Message:
Merged efge-death-to-dtml-var-branch into HEAD:

Removed most <dtml-var> to replace them with &dtml-foo;.
This corrects a number of potential XSS holes, and simplifies
auditability of the remaining legitimate <dtml-var>.


=== Zope/lib/python/Shared/DC/Scripts/dtml/scriptBindings.dtml 1.1 => 1.2 ===
--- Zope/lib/python/Shared/DC/Scripts/dtml/scriptBindings.dtml:1.1	Tue Jan  9 16:48:47 2001
+++ Zope/lib/python/Shared/DC/Scripts/dtml/scriptBindings.dtml	Sun Dec 22 12:54:09 2002
@@ -31,8 +31,7 @@
   </div>
   </td>
   <td align="left" valign="top">
-  <input type="text" name="name_context" value="<dtml-var 
-   expr="getAssignedName('name_context', '')" html_quote>">
+  <input type="text" name="name_context" value="<dtml-var expr="getAssignedName('name_context', '')" html_quote>">
   </td>
 </tr>
 
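Review bot: the added name_context line still uses <dtml-var expr=... html_quote>, and the removed pair of lines already carried html_quote, so nothing about the escaping changes here; the tag is only joined onto one line. The log message speaks of replacing <dtml-var> with &dtml-foo; and of correcting XSS holes. Please say in the log that this file is a formatting-only change that keeps an already-quoted expr tag, so that anyone tracking the XSS fixes does not count it as one.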
@@ -55,8 +54,7 @@
   </div>
   </td>
   <td align="left" valign="top">
-  <input type="text" name="name_container" value="<dtml-var 
-   expr="getAssignedName('name_container', '')" html_quote>">
+  <input type="text" name="name_container" value="<dtml-var expr="getAssignedName('name_container', '')" html_quote>">
   </td>
 </tr>
 
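Review bot: on the added name_container line the dtml-var output lands inside a double-quoted value="..." attribute, so the field is only safe if html_quote escapes the double quote as well as <, > and &. Since the stated goal is auditability of the remaining <dtml-var> tags, a one-line DTML comment above these inputs recording that they rely on html_quote in an attribute context would save the next auditor from re-deriving it.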
@@ -76,8 +74,7 @@
   </div>
   </td>
   <td align="left" valign="top">
-  <input type="text" name="name_m_self" value="<dtml-var 
-   expr="getAssignedName('name_m_self', '')" html_quote>">
+  <input type="text" name="name_m_self" value="<dtml-var expr="getAssignedName('name_m_self', '')" html_quote>">
   </td>
 </tr>
 
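Review bot: the added line spells 'name_m_self' twice, once as the input's name and once as the first argument to getAssignedName, and the other inputs in this file repeat the same pattern with only that string changed. If the two copies ever drift apart, the field would presumably render the '' passed as second argument (assuming that is the fallback) instead of failing visibly. Consider generating these inputs from one list of binding names so each name is written once and there is a single <dtml-var ... html_quote> left to audit.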
@@ -98,8 +95,7 @@
   </div>
   </td>
   <td align="left" valign="top">
-  <input type="text" name="name_ns" value="<dtml-var 
-   expr="getAssignedName('name_ns', '')" html_quote>">
+  <input type="text" name="name_ns" value="<dtml-var expr="getAssignedName('name_ns', '')" html_quote>">
   </td>
 </tr>
 
@@ -121,8 +117,7 @@
   </div>
   </td>
   <td align="left" valign="top">
-  <input type="text" name="name_subpath" value="<dtml-var 
-   expr="getAssignedName('name_subpath', '')" html_quote>">
+  <input type="text" name="name_subpath" value="<dtml-var expr="getAssignedName('name_subpath', '')" html_quote>">
   </td>
 </tr>