michael-e

Results 197 comments of michael-e

OK, we have a problem here, which is mentioned here: http://unicode.org/reports/tr36/#Deletion_of_Noncharacters I don't think that it is a _practical_ problem for the Input field—but it is definitely an issue for...

I should mention that sometimes the suggestion is to insert a replacement character, see http://stackoverflow.com/a/24672780. However, I have no idea if this is a good solution for us. I guess...

I verified that the attack described above would actually work if my "cleanup hack" is applied to the field. I was able to input `` (the entity is the `DEL`...

> I think that's a matter of patching XSS Filter. It should remove all control chars and do all tests again. No, it should not manipulate data independently. Instead it...

@nitriques: Regarding these XSS issues: I would like to explain it a bit better. But I will limit my explanation to the simplest example for XSS, and AFAIK, the "Art...

This issue may have a simple solution (and this would as well influence #2500, positively, IMHO). After thinking about it a lot, I suggest the following: - Do **not** add...

I am with @brendo here. @nathanhornby, you yourself said: > Which might make perfect sense in context, but become confusing when you're selecting them as a datasource source. This is...

Adding the handle would have an additional benefit: Symphony even allows two sections with identical names in a single navigation group. (Strange, but possible!) Adding the handle would...

Symphony allows sections to have "purely presentational" properties, like the navigation group and the display name. But we use one, and only one of them — the name, which needs...

@nilshoerrmann: In my post above I said using additional _presentational properties_ of a section in order to identify is not the best choice in my eyes. Don't you agree with...