[Catalog-sig] HTML in long description

Fred Drake fdrake at gmail.com
Fri Aug 21 16:35:25 CEST 2009

On Fri, Aug 21, 2009 at 10:33 AM, "Martin v. Löwis"<martin at v.loewis.de> wrote:
> Which way should PyPI go: escape all markup if ReST rendering fails?
> Or else allow arbitrary HTML to be embedded? I'm worried that somebody
> would create a cross-site attack out of that...

Same here; the text in the <pre> should be properly escaped.


Fred L. Drake, Jr.    <fdrake at gmail.com>
"Chaos is the score upon which reality is written." --Henry Miller

More information about the Catalog-SIG mailing list