[Zope-dev] Bug in zc.resourcelibrary?

Benji York benji at zope.com
Tue Dec 4 09:15:09 EST 2007


Thomas Lotze wrote:
> Wouldn't a check like
> 
>   if content_type.split(';', 1)[0] in ('text/html', 'text/xml'):
>       ...
> 
> be more appropriate?

Probably.  Remember, zc.resourcelibrary's HTML injection code is a hack 
-- a necessary hack, but a hack none the less.  I can say that because I 
did it. ;)

Feel free to make the change you outlined, especially if this is causing 
you to get incorrect results in one of your apps.

Also, does case matter here?  Perhaps a .lower() should be added as well.
-- 
Benji York
Senior Software Engineer
Zope Corporation


More information about the Zope-Dev mailing list