On Fri, Aug 28, 2009 at 4:37 PM, Joshua Russo wrote:
> On Fri, Aug 28, 2009 at 4:11 PM, Joshua Russo wrote:
>
>> On Thu, Aug 27, 2009 at 10:39 PM, Forest Bond wrote:
>>
>>> Hi,
>>>
>>> On Thu, Aug 27, 2009 at 07:42:24PM -0100, Joshua Russo wrote:
>>> > On Thu, Aug 27, 2009 at 6:22 PM, Forest B
Hi Russell,
> The difference here is that XSS is mentioned in the template docs,
> not the tutorial. The tutorial is happily XSS safe, and the new
> user is oblivious to this fact. You only really need to hunt down
> documentation about XSS when you start dealing with content that
> needs to brea
On Mon, Aug 31, 2009 at 8:45 PM, Luke Plant wrote:
>
> Thanks for your response Russell:
>
>> I've had a quick look at the patch, and found a few minor cosmetic
>> things. I've also done a lot of reading of the archives to
>> understand why the patch is the way it is. A comprehensive teardown
>> o
I wrote:
> In fact, I've just discovered that there is a view in
> current Django that, if you have the current CSRF protection
> enabled, will leak the CSRF token to an external site -- the
> technical 500 debug view in django/views/debug.py has a POST form
> to dpaste.com. (I'll try to fix that
Thanks for your response Russell:
> I've had a quick look at the patch, and found a few minor cosmetic
> things. I've also done a lot of reading of the archives to
> understand why the patch is the way it is. A comprehensive teardown
> of the patch will take a bit longer, but before I do that tea
On Aug 30, 5:21 pm, Alex Gaynor wrote:
> I'd be -1 on having a separate, restricted API. There is, IMO, no
> reason to have more than one API, any sort of restricted system should
> come in the form of documentation saying what the minimum
> functionality needed for a database backend to support