[development] Turbogears: Python framework

Khalid B kb at 2bits.com
Tue Mar 7 19:14:44 UTC 2006

On 3/7/06, Adrian Rossouw <adrian at bryght.com> wrote:
> On 07 Mar 2006, at 8:51 PM, Dries Buytaert wrote:
> >
> > Also, we /suffer/ from pitfalls; most of these frameworks take care
> > of everything security (input validation, XSS injection) whereas
> > with Drupal, thou shalt not forget check_plain() and friends.
> How could we fix that?

There were two discussions on the security lists last December.
One is titled "Sanitizing input/output", the other was "a sum on
general filtering".

Both discussed using ob_start() and passing it a filter callback
so that everything gets filtered, and the pros and cons of that.

Karoly and Steven were participants.
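
Added illustration (not part of the original message and not Drupal's own code): the ob_start() filter-callback idea mentioned above, next to escaping each value where it is printed. escape_plain(), render_page() and blanket_filter() are hypothetical names, with escape_plain() standing in for check_plain(), and the comment string is constructed sample input.

```php
<?php
// Added example; all function names here are hypothetical.

// Constructed sample of untrusted user input.
$comment = '<script>alert(1)</script>';

// Hypothetical stand-in for check_plain(): escape one value for HTML output.
function escape_plain(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Hypothetical renderer. $escape selects whether the user value is
// escaped at the point where it is placed into the markup.
function render_page(string $comment, bool $escape): string {
    $body = $escape ? escape_plain($comment) : $comment;
    return "<div class=\"comment\">$body</div>\n";
}

// Blanket filter for ob_start(). The callback receives the whole output
// buffer as one string, so it cannot tell the page's own markup apart
// from user data and escapes both.
function blanket_filter(string $buffer): string {
    return htmlspecialchars($buffer, ENT_QUOTES, 'UTF-8');
}

// Approach 1: nothing escaped in the renderer, everything filtered on output.
ob_start('blanket_filter');
echo render_page($comment, false);
ob_end_flush();

// Approach 2: no global filter, the user value is escaped where it is printed.
echo render_page($comment, true);
```

Run with the PHP CLI: the first line printed has the page's own tags escaped along with the comment, while the second keeps the markup intact and escapes only the comment.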

