Re: weblily
From: Han-Wen Nienhuys
Subject: Re: weblily
Date: Mon, 25 May 2009 10:05:28 -0300

The safe mode would be a good idea; banning # is a bit rigorous, as it
is needed for various tweaks.

On Mon, May 25, 2009 at 6:09 AM, weblily <address@hidden> wrote:
> Hi Han-Wen,
>
>
> thanks for your response. I am sorry, I could confirm it. There are some
> more XSS related security issues open. It's really a hell. But I shall try.
>
> Would it help to use LilyPond's safe mode to address this problem? How safe
> is the safe mode anyway? There are so many places where you should care for
> the right kind of escaping ...
>
> Would it be an effective idea to ban the "#"-sign from input altogether?
>
> I'm still a newbie concerning LilyPond. So please, don't mind me asking
> stupid questions.
>
>
> Best regards,
>
> Johannes aka. Weblily
>
>
>
> Han-Wen Nienhuys wrote:
>>
>> this is a cute idea, but you need to do something wrt security,
>>
>>
>> \header { title = #(ly:gulp-file "/lib/libc.so") }
>>
>> appears to actually work rather than raise a security warning.
>>
>>
>
>
--
Han-Wen Nienhuys - address@hidden - http://www.xs4all.nl/~hanwen
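
To see what a blanket ban on "#" would reject, the following added example (not code from this thread, from weblily or from LilyPond) scans LilyPond input and labels each "#" as a Scheme escape, part of a string, or part of a comment. The function names and the sample input are constructed for illustration, and the scanner is a simplification that does not parse Scheme itself.

```python
# Added example; SAMPLE is constructed input, not taken from weblily.
SAMPLE = r'''\header { title = "Etude #3" }   % opus #7
\header { composer = #(ly:gulp-file "/lib/libc.so") }
{ \override NoteHead #'color = #red c'4 }
%{ block comment with # inside %}
{ c'4 d' e' f' }
'''

def hash_uses(source):
    """Return (line_no, kind) for every '#'; kind is scheme, string or comment."""
    found = []
    state = "code"  # code | string | line_comment | block_comment
    line, i = 1, 0
    while i < len(source):
        ch, two = source[i], source[i:i + 2]
        if ch == "\n":
            line += 1
            if state == "line_comment":
                state = "code"
        elif state == "code":
            if two == "%{":
                state = "block_comment"
                i += 1
            elif ch == "%":
                state = "line_comment"
            elif ch == '"':
                state = "string"
            elif ch == "#":
                found.append((line, "scheme"))
        elif state == "string":
            if ch == "\\":
                i += 1  # skip the escaped character
            elif ch == '"':
                state = "code"
            elif ch == "#":
                found.append((line, "string"))
        elif state == "block_comment" and two == "%}":
            state = "code"
            i += 1
        elif ch == "#":  # '#' inside either kind of comment
            found.append((line, "comment"))
        i += 1
    return found

def lines_rejected_by_ban(source):
    """Lines a blanket '#' ban would refuse, whatever the '#' is used for."""
    return sorted({n for n, _ in hash_uses(source)})

def scheme_lines(source):
    """Lines that contain a real Scheme escape."""
    return sorted({n for n, kind in hash_uses(source) if kind == "scheme"})
```

On the sample, the ban refuses lines 1 to 4, while only lines 2 and 3 contain Scheme. Both of those come back with the same label, so a character filter cannot separate the tweak from the file read.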