[Zope-dev] Re: [Zope-Checkins] efge-death-to-dtml-var-branch

Toby Dickenson tdickenson@geminidataloggers.com
Thu, 24 Oct 2002 08:33:39 +0100


(resend - sorry if you see a duplicate)

On Thursday 24 October 2002 12:06 am, Florent Guillaume wrote:

> Removed most <dtml-var> to replace them with &dtml-foo;.
> This corrects a number of potential XSS holes

I assume that the XSS holes are the old dtml-var tags which didn't have
html_quote?

Or am I missing something?