How about cleaning the message before saving it as a cookie?

Would adding something like

    message = portal_transforms.convertTo('text/x-html-safe', self.message,
                                          mimetype='text/x-web-intelligent')

to Products.statusmessages.message.Message.encode be OK?

Philip 

Am 23.08.2012 um 18:50 schrieb Matthew Wilkes <m...@matthewwilkes.name>:

> 
> 
> Philip Bauer wrote:
>> I changed this by customizing the template. Might there be a better way? Or 
>> might it be a good idea to change this template by default?
> 
> I would be hesitant to change this by default, as it means that if a 
> malicious user can get cookies set for another user they can insert arbitrary 
> HTML.
> 
> Matt

_______________________________________________
Product-Developers mailing list
product-develop...@lists.plone.org
https://lists.plone.org/mailman/listinfo/plone-product-developers
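The two options discussed in this thread, sanitising the message before it is stored in the cookie versus rendering it with `structure`, side by side. This is an added example, not code from the thread or from Products.statusmessages: the allowlist sanitiser is a small stand-in for portal_transforms' text/x-html-safe transform, and `encode_message`, `decode_message`, the base64 "type:message" cookie layout and the two `render_*` templates are hypothetical simplifications of the real cookie format and of the portal message template. It also shows the caveat behind Matthew's objection: a cookie an attacker sets for the victim never passes through `encode`, so sanitising only there does not protect a template that uses `structure`; the text has to be escaped or sanitised on the way out as well.

```python
"""Added example (not Products.statusmessages code).
Stand-ins: the allowlist sanitiser replaces text/x-html-safe, and the
base64 "type:message" cookie layout replaces the real encoding."""
import base64
import html
from html.parser import HTMLParser

# Allowlist stand-in for text/x-html-safe: the only tags/attributes kept.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:", "/")
VOID_TAGS = {"br"}
DROP_CONTENT_TAGS = {"script", "style"}  # tag and its text both removed


class _Sanitizer(HTMLParser):
    """Rebuilds the fragment, keeping only allowlisted tags and attributes.
    Other tags are dropped; their text is kept, escaped, except for
    script/style whose content is dropped as well."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []
        self.skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.skip += 1
            return
        if tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onerror, onclick, style, ...
            if name == "href" and not value.lower().startswith(SAFE_URL_PREFIXES):
                continue  # drops javascript:, data:, vbscript: links
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.skip = max(0, self.skip - 1)
            return
        if tag in ALLOWED_TAGS and tag in self.open_tags:
            # close everything up to the matching open tag; output stays well formed
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data, quote=False))

    def result(self):
        while self.open_tags:
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(fragment: str) -> str:
    parser = _Sanitizer()
    parser.feed(fragment)
    parser.close()
    return parser.result()


def encode_message(message: str, msg_type: str = "info") -> str:
    """Stand-in for Message.encode with the proposed sanitising step added."""
    clean = sanitize(message)
    return base64.urlsafe_b64encode(f"{msg_type}:{clean}".encode("utf-8")).decode("ascii")


def decode_message(cookie_value: str) -> tuple:
    """Stand-in for the decode side: returns (type, message) exactly as stored."""
    raw = base64.urlsafe_b64decode(cookie_value.encode("ascii")).decode("utf-8")
    msg_type, _, message = raw.partition(":")
    return msg_type, message


def render_structure(message: str) -> str:
    """Template variant that inserts the message with `structure` (no escaping)."""
    return f'<dl class="portalMessage"><dd>{message}</dd></dl>'


def render_escaped(message: str) -> str:
    """Template variant that escapes the message (the default behaviour)."""
    return f'<dl class="portalMessage"><dd>{html.escape(message)}</dd></dl>'


# Constructed payload: an event handler plus a javascript: link, with some allowed markup.
ATTACK = '<img src=x onerror="alert(document.cookie)"><a href="javascript:alert(1)">click</a><b>bold</b>'


def demo() -> dict:
    # Path 1: the application sets the message, so it passes through encode_message.
    _, stored = decode_message(encode_message(ATTACK))
    # Path 2: the attacker writes the cookie for the victim; encode_message never runs.
    forged_cookie = base64.urlsafe_b64encode(f"info:{ATTACK}".encode("utf-8")).decode("ascii")
    _, forged = decode_message(forged_cookie)
    return {
        "sanitised_at_encode": stored,
        "forged_rendered_structure": render_structure(forged),   # payload survives
        "forged_rendered_escaped": render_escaped(forged),       # inert text
        "forged_sanitised_at_decode": sanitize(forged),          # allowed markup only
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it and compare the four outputs: only the `structure` rendering of the forged cookie still carries the `onerror` handler, which is the case Matthew describes. Sanitising in `encode` is still worthwhile for messages the application composes from user input, but the same allowlist has to be applied when the cookie is read back, or the template has to keep escaping.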
