[Catalog-sig] HTML in long description
Fred Drake
fdrake at gmail.com
Fri Aug 21 16:35:25 CEST 2009
On Fri, Aug 21, 2009 at 10:33 AM, "Martin v. Löwis"<martin at v.loewis.de> wrote:
> Which way should PyPI go: escape all markup if ReST rendering fails?
> Or else allow arbitrary HTML to be embedded? I'm worried that somebody
> would create a cross-site attack out of that...
Same here; the text in the <pre> should be properly escaped.
-Fred
--
Fred L. Drake, Jr. <fdrake at gmail.com>
"Chaos is the score upon which reality is written." --Henry Miller
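
The fallback discussed in this thread, as an added example that is not part of the original message or PyPI's own code: when rendering fails, the raw description is escaped before it is placed in the `<pre>`. `strict_render`, `RenderError`, the function names and the sample description are assumptions made for illustration; the stand-in renderer is not docutils.

```python
import html


class RenderError(Exception):
    """Raised by the stand-in renderer when the markup cannot be rendered."""


def strict_render(text):
    """Hypothetical stand-in for a ReST-to-HTML renderer (not docutils)."""
    if text.count("`") % 2:  # unbalanced inline markup: refuse to render
        raise RenderError("unbalanced backquote")
    paragraphs = [p.strip() for p in text.split("\n\n") if p.strip()]
    return "".join("<p>%s</p>" % html.escape(p) for p in paragraphs)


def fallback_raw(text):
    """Unsafe fallback: the description is embedded as-is, so its markup is live."""
    return "<pre>%s</pre>" % text


def fallback_escaped(text):
    """Safe fallback: &, <, > and quotes become entities, so the text is inert."""
    return "<pre>%s</pre>" % html.escape(text, quote=True)


def render_long_description(text, renderer=strict_render, fallback=fallback_escaped):
    """Render the description; on any renderer failure, use the fallback."""
    try:
        return renderer(text)
    except Exception:
        # The failure path still receives untrusted, author-supplied text.
        return fallback(text)


# Constructed sample: fails to render, closes the <pre> early, carries a script tag.
SAMPLE = "My package`\n\n</pre><script>alert(1)</script>"

if __name__ == "__main__":
    print("raw fallback:    ", render_long_description(SAMPLE, fallback=fallback_raw))
    print("escaped fallback:", render_long_description(SAMPLE))
```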