This hotfix product fixes a security bug in Page Templates. This fix ensures that values substituted in named slots in translated elements are properly encoded. If encoding is not desired and the source of the replacement text is trusted, the "structure" modifier can be used with the tal:content or tal:replace attribute to explicitly disable encoding.
Affected Versions This fix applies to Zope 2.7.0 and 2.7.1. Zope versions 2.7.2 and newer already contain this fix, and do not require this hotfix. Getting the Hotfix You can download the hotfix at: http://zope.org/Products/Zope/Hotfix_2004-07-13/Zope%202.7.0%20-%202.7.1/ The product contains a README.txt file with installation instructions. -Fred -- Fred L. Drake, Jr. <fred at zope.com> Zope Corporation _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
