annotate roundup/cgi/PageTemplates/README.txt @ 4851:24b8011cd2dc
Fix XSS in issue2550817
Note that the code that triggers that particular bug is no longer in
roundup core. But the change to the templates we suggest is a *lot*
safer as it always escapes the error and ok messages now.
If you are upgrading: you *MUST* read doc/upgrading.txt and do the
necessary changes to your templates, the escaping now happens in the
template and not in the roundup code. So if you don't make the necessary
changes *you are vulnerable*.
| author |
Ralf Schlatterbeck <rsc@runtux.com> |
| date |
Fri, 20 Dec 2013 18:24:10 +0100 |
| parents |
b9988e118055 |
| children |
|
| rev |
line source |
1049
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1 See <a href="http://dev.zope.org/Wikis/DevSite/Projects/ZPT">the
|
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 ZPT project Wiki</a> for more information about Page Templates, or
|
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3 <a href="http://www.zope.org/Members/4am/ZPT">the download page</a>
|
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 for installation instructions and the most recent version of the software.
|
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
5
|
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
6 This Product requires the TAL and ZTUtils packages to be installed in
|
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
7 your Python path (not Products). See the links above for more information.
|
