[ZDP] Distributed authoring test
Mon, 24 May 1999 07:38:47 -0400
> There is at least one problem that I see, and I think it's a Zope issue.
> Contributions are created in pairs, a shell DTML Document that calls the
> actual text that is stored in a companion DTML Method. I did this for
> several reasons:
> - supporting the use of structured text if contributors wanted to use it; and
> - removing (translating using the 'html_quote' attribute) HTML tags so that
>   viewers can see what was written without their browser rendering it.
> However, DTML is still rendered. Is this a security risk? Do we need a new
> attribute like 'DTML_quote' that would deactivate DTML tags?
> Also, HTML tags in structured text contributions are rendered, as the
> 'html_quote' seems to break the use of stx.
Note that, for the portal toolkit demo, we created an "STX Document"
object for Zope. The standard_html_header and footer statements don't
go in the body and the body is pure structured text. However, when
rendered, it is turned into HTML with the standard header and footer.
This was done using Z Classes.
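
An added illustration, not part of the original thread and not Zope code: the quoted question turns on the order of operations, since html_quote applied to the output of a DTML Method runs only after any DTML in the contribution has been evaluated. Here `render_dtml` is a simplified stand-in for the DTML engine (variable substitution only), and `internal_note`, the namespace and the sample contributions are constructed.

```python
import html
import re

# Simplified stand-in for DTML: only variable substitution is modelled, in
# both the <dtml-var name> and the older <!--#var name--> spellings.
DTML_VAR = re.compile(r"<dtml-var\s+(\w+)\s*>|<!--#var\s+(\w+)\s*-->")


def render_dtml(source, namespace):
    """Replace each var tag in `source` with its value from `namespace`."""
    def substitute(match):
        name = match.group(1) or match.group(2)
        return str(namespace.get(name, ""))
    return DTML_VAR.sub(substitute, source)


def render_then_quote(contribution, namespace):
    """Pattern from the post: the contribution is stored as template source,
    evaluated, and only the *result* is HTML-quoted. Contributor-supplied
    DTML has already run by the time quoting happens."""
    return html.escape(render_dtml(contribution, namespace))


def quote_then_render(contribution, namespace):
    """Quote the contribution before it reaches the template engine (the
    effect the proposed 'DTML_quote' would need). Escaping '<' leaves no
    tag for the engine to recognise, so the text is displayed literally."""
    return render_dtml(html.escape(contribution), namespace)


# Constructed namespace: a value contributors should not be able to read.
NAMESPACE = {"internal_note": "draft-only"}

# Constructed contributions, one per tag spelling.
NEW_STYLE = "<b>Hello</b> <dtml-var internal_note>"
OLD_STYLE = "<b>Hello</b> <!--#var internal_note-->"

if __name__ == "__main__":
    for text in (NEW_STYLE, OLD_STYLE):
        print("render, then quote:", render_then_quote(text, NAMESPACE))
        print("quote, then render:", quote_then_render(text, NAMESPACE))
```

In both cases the HTML is neutralised, but only the second ordering keeps the contributor's DTML from being evaluated.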