[ZPT] Re: [Zope] prevent quoting in tal:attributes

Chris Withers chrisw at nipltd.com
Tue Oct 7 07:45:15 EDT 2003


Jamie Heilman wrote:

> ...and therein lies the rub.  Uncertainty in the face of security is
> reason enough to unconditionally quote attribute values in my mind.

In an end user app definitely.

As a default, probably.

As the only option in an application development environment, huh?!

As a programmer I don't want the environment to limit what I can and can't do. 
However, it would be good if it made it less likely for me to do the wrong thing 
by default.

I DO NOT want to have everthing quoted with no choice in the matter ;-)

Chris




More information about the ZPT mailing list