[development] Turbogears: Python framework
kb at 2bits.com
Tue Mar 7 19:23:28 UTC 2006
On 3/7/06, Adrian Rossouw <adrian at bryght.com> wrote:
> On 07 Mar 2006, at 8:51 PM, Dries Buytaert wrote:
> > Also, we /suffer/ from pitfalls; most of these frameworks take care
> > of everything security (input validation, XSS injection) whereas
> > with Drupal, thou shalt not forget check_plain() and friends.
> How could we fix that?
There were two discussions on the security lists last December.
One is titled "Sanitizing input/output", the other was titled "a sum
on general filtering".
Both discussed the possibility of using ob_start() and passing it
a filter callback so that everything gets filtered, and the pros and
cons of that approach.
Karoly and Steven were the main ones who discussed it.