[Grok-dev] zope has auto-escaping by default of variables to protect against XSS attacks

Sebastian Ware sebastian at urbantalk.se
Thu Nov 15 03:16:19 EST 2007

Well, why don't we start something like "feature of the week" where  
someone writes about a feature of Grok and it is posted on a (the new  
grok website?) blog and sent to a list of news websites. This stuff  
really doesn't have to be that long. It just needs to be interesting/ 
fun reading. We could call it "ME GROK LIKE feature of the week", and  
that could be our PR-tool.

Mvh Sebastian

15 nov 2007 kl. 02.31 skrev Martijn Faassen:

> Hi there,
> I was just highly amused to read this headline as #3 on  
> programming.reddit.com:
> Just checked in to Django trunk: auto-escaping of all variables in  
> templates, to protect against XSS attacks by default
> It links to here:
> http://www.djangoproject.com/documentation/templates/#automatic-html-escaping
> Of course the Django developers didn't make this the "news"  
> themselves, but it's still funny that people apparently consider  
> this as news worth mentioning. It just landed on the *trunk*, it  
> isn't even released yet. Zope has been doing this for a while. A  
> long while. The Zope community (ZC in particular, I think) was  
> actually one of the first to do something about it, in the year 2000.

More information about the Grok-dev mailing list