durusmail: quixote-users: Adding magic to PTL, Or: how to stop worrying about XSS holes
Adding magic to PTL, Or: how to stop worrying about XSS holes
2002-10-01
Neil Schemenauer
Adding magic to PTL, Or: how to stop worrying about XSS holes
2002-10-01
Nicola Larosa
Adding magic to PTL, Or: how to stop worrying about XSS holes
2002-10-01
Neil Schemenauer
Adding magic to PTL, Or: how to stop worrying about XSS holes
2002-10-02
Nicola Larosa
2002-10-01
Greg Ward
2002-10-01
Neil Schemenauer
2002-10-01
Jonathan Corbet
2002-10-01
Titus Brown
2002-10-01
Neil Schemenauer
2002-10-01
Titus Brown
Adding magic to PTL, Or: how to stop worrying about XSS holes
Neil Schemenauer
2002-10-01
On Tue, Oct 01, 2002 at 12:45:42PM -0600, Jonathan Corbet wrote:
> The thing that worries me at the outset is the prospect of another painful
> upgrade once that feature goes in.  Any chance of a release with, say,
> "from __future__ import markup" to help the transition?

Yes, I will probably do something this.  For example, _q_markclass would
default to 'str' for one release.

> The use of slots also imposes a Python 2.2 requirement, right?

Yes, but I could make it work with 2.1 if people are really tied to that
release.  I don't want to though. :-)

> Anyway, I think it's a good idea.  Now can you extend it to database
> strings so I can stop worrying about SQL injection problems too? :)

I'm guessing you know that the Python Database API already solves this
problem.

  Neil
reply