[development] Turbogears: Python framework
Khalid B
kb at 2bits.com
Tue Mar 7 19:14:44 UTC 2006
On 3/7/06, Adrian Rossouw <adrian at bryght.com> wrote:
>
> On 07 Mar 2006, at 8:51 PM, Dries Buytaert wrote:
> >
> > Also, we /suffer/ from pitfalls; most of these frameworks take care
> > of everything security (input validation, XSS injection) whereas
> > with Drupal, thou shalt not forget check_plain() and friends.
>
> How could we fix that?
There were two discussions on the security lists last December.
One is titled "Sanitizing input/output", the other was "a sum on
general filtering".
Both discussed using ob_start() and passing it a filter callback
so that everything gets filtered, and the pros and cons of that
approach.
Karoly and Steven were participants.
(Thanks to Gmail)
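
The ob_start() filter-callback approach mentioned in the message above, as an added PHP example that is not part of the original post or of Drupal. `escape_plain()` is a hypothetical stand-in for check_plain(), the other function names are assumptions, and the comment string is constructed sample input; the script compares escaping at the point of output with escaping the whole buffered page.

```php
<?php
// Added illustration, not Drupal code. escape_plain() is a hypothetical
// stand-in for check_plain(); $comment is constructed sample input.
function escape_plain(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Page fragment whose author either remembers or forgets to escape user text.
function render_comment(string $comment, bool $escape_at_output): void {
    $body = $escape_at_output ? escape_plain($comment) : $comment;
    echo '<p class="comment">' . $body . '</p>';
}

// Run $producer behind an ob_start() callback and return what the client
// would receive. The outer buffer only captures the filtered result.
function send_through(callable $producer, ?callable $filter): string {
    ob_start();
    ob_start($filter);   // callback receives the whole buffered page
    $producer();
    ob_end_flush();      // callback runs here, result lands in outer buffer
    return ob_get_clean();
}

// ob_start() passes (buffer, phase); the wrapper ignores the phase argument.
$escape_everything = function (string $buffer, int $phase): string {
    return escape_plain($buffer);
};

$comment = '<script>alert(1)</script>';   // constructed sample input

$cases = [
    'no escaping, no filter'      => [false, null],
    'no escaping, global filter'  => [false, $escape_everything],
    'escaped at output only'      => [true,  null],
    'escaped twice (both)'        => [true,  $escape_everything],
];

foreach ($cases as $label => [$escape_at_output, $filter]) {
    $html = send_through(
        fn() => render_comment($comment, $escape_at_output),
        $filter
    );
    fwrite(STDOUT, str_pad($label, 28) . $html . PHP_EOL);
}
```

With the global filter the page's own `<p>` markup is escaped along with the user text, and a page that already escaped at output is escaped a second time.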