1 2009-11-25T01:03:50 *** grzywacz
2 2009-11-25T04:17:47 *** ChanServ
3 2009-11-25T04:17:47 *** CIA-34
4 2009-11-25T04:17:47 *** TheSheep
5 2009-11-25T04:17:47 *** dainbrain
6 2009-11-25T04:17:47 *** ser
7 2009-11-25T04:17:47 *** xorAxAx
8 2009-11-25T04:17:47 *** JosefMeier
9 2009-11-25T04:17:47 *** dimazest
10 2009-11-25T04:17:47 *** ronny
11 2009-11-25T04:17:47 *** waldi
12 2009-11-25T04:17:47 *** dreimark
13 2009-11-25T04:17:47 *** vpv
14 2009-11-25T04:17:47 *** dennda
15 2009-11-25T07:28:16 *** ChanServ
16 2009-11-25T07:28:16 *** vpv
17 2009-11-25T07:28:16 *** waldi
18 2009-11-25T07:28:16 *** dreimark
19 2009-11-25T07:28:16 *** dennda
20 2009-11-25T07:28:16 *** dimazest
21 2009-11-25T07:28:16 *** ronny
22 2009-11-25T07:28:16 *** JosefMeier
23 2009-11-25T07:28:16 *** CIA-34
24 2009-11-25T07:28:16 *** TheSheep
25 2009-11-25T07:28:16 *** dainbrain
26 2009-11-25T07:28:16 *** ser
27 2009-11-25T07:28:16 *** irc.freenode.net
28 2009-11-25T07:28:31 *** xorAxAx
29 2009-11-25T07:45:21 *** JosefMeier
30 2009-11-25T07:50:30 *** JosefMeier
31 2009-11-25T07:50:47 <JosefMeier> Moin Mion
32 2009-11-25T07:50:51 <JosefMeier> Moin
33 2009-11-25T07:51:14 <JosefMeier> ThomasWaldmann: I think I found the source of the problem: The gui editor itself escapes html code
34 2009-11-25T07:51:59 <JosefMeier> but if I don't escape the html once, the html is stored as is on the page.
35 2009-11-25T08:08:09 *** JosefMeier
36 2009-11-25T08:08:42 *** JosefMeier
37 2009-11-25T08:21:56 *** grzywacz
38 2009-11-25T08:44:45 <ThomasWaldmann> JosefMeier: we don't store html
39 2009-11-25T08:55:07 *** JosefMeier_
40 2009-11-25T08:55:32 *** JosefMeier
41 2009-11-25T08:55:33 *** JosefMeier_
42 2009-11-25T08:58:22 <ThomasWaldmann> moin
43 2009-11-25T09:05:18 <dreimark> ThomasWaldmann: the form should not have xss problems too
44 2009-11-25T09:11:27 <ThomasWaldmann> i want to see real problems, not just guessing
45 2009-11-25T09:12:25 <ThomasWaldmann> and just as a side note: if you switch to html view, you can insert any html into the gui editor, just by typing it
46 2009-11-25T09:15:29 <ThomasWaldmann> so the question for this specific case is "what would go wrong if josef does not wrongly double-escape stuff?"
47 2009-11-25T09:19:03 <dreimark> the form can be changed
48 2009-11-25T09:19:16 <dreimark> and I don't want double escaped stuff
49 2009-11-25T09:21:24 *** grzywacz
50 2009-11-25T11:04:01 *** tpfennig
51 2009-11-25T12:18:06 <JosefMeier> Have you tried it again? there is no double escape stuff anymore
52 2009-11-25T12:19:09 <JosefMeier> ThomasWaldmann: ^
53 2009-11-25T12:24:07 <JosefMeier> s15358202.onlinehome-server.info/1.9_modified/attachtest (as usual :-) )
54 2009-11-25T12:24:47 <ThomasWaldmann> later, busy at work currently
55 2009-11-25T12:55:24 *** vinci_
56 2009-11-25T13:12:08 *** tpfennig
57 2009-11-25T15:06:08 *** vinci_
58 2009-11-25T20:19:29 *** dainbrain
59 2009-11-25T20:19:29 *** ser
60 2009-11-25T20:19:31 *** ser
61 2009-11-25T21:07:50 *** dimazest
62 2009-11-25T21:15:40 *** dimazest
63 2009-11-25T21:53:54 *** grzywacz
64 2009-11-25T23:48:22 *** tpfennig
65
MoinMoin: MoinMoinChat/Logs/moin-dev/2009-11-25 (last edited 2009-11-25 00:15:02 by IrcLogImporter)