[Zope-dev] Re: 2.7.0-b2 - Critical ZPT TAL bug when using
content-type text/xml
Evan Simpson
evan at 4-am.com
Mon Sep 22 10:20:45 EDT 2003
Richard Waid wrote:
> Basically, if you're using a ZPT with a content-type text/xml, using a
> TAL path expression to access an attribute or method causes a security
> violation (Unauthorized). It does not happen if the ZPT is using
> content-type text/html.
Ah, guarded_getattr is doing something wrong with Unicode attribute
names, though I'm not sure exactly what.
> http://collector.zope.org/Zope/1034/
Thanks for the pointer -- I've updated the bug.
Cheers,
Evan @ 4-am
More information about the Zope-Dev
mailing list