[zope2-tracker] [Bug 491224] Re: Error page does not sanitize HTML, passes through potentially malicious Javascript

Martijn Pieters launchpad.net at zopatista.com
Mon Jan 11 10:54:42 EST 2010


How does this fix relate to many exceptions within Zope that
deliberately contain HTML? Take a look at OFS.CopySupport for some
really horrible examples.

-- 
Error page does not sanitize HTML, passes through potentially malicious Javascript
https://bugs.launchpad.net/bugs/491224
You received this bug notification because you are a member of Zope 2
Developers, which is a direct subscriber.


More information about the zope2-tracker mailing list