MoinMoinChat/Logs/moin-dev/2009-11-19

   1 2009-11-19T00:58:02  *** fucheeno has quit IRC
   2 2009-11-19T02:05:52  *** fucheeno has joined #moin-dev
   3 2009-11-19T02:54:36  *** grzywacz has quit IRC
   4 2009-11-19T05:12:21  *** fucheeno has quit IRC
   5 2009-11-19T07:18:28  *** brijith has joined #moin-dev
   6 2009-11-19T07:18:54  <brijith> moin moin wiki is coming with out formating ... Seems like style sheet is missing ..... I followed this tutorial https://help.ubuntu.com/7.04/server/C/moinmoin.html            please help
   7 2009-11-19T07:20:23  *** brijith has left #moin-dev
   8 2009-11-19T08:36:38  <ThomasWaldmann>  moin
   9 2009-11-19T08:42:04  <dreimark> moin
  10 2009-11-19T12:14:40  <waldi> hi
  11 2009-11-19T12:17:05  *** JosefMeier has joined #moin-dev
  12 2009-11-19T12:17:15  <JosefMeier> Moin Moin
  13 2009-11-19T12:36:38  *** eisi has joined #moin-dev
  14 2009-11-19T13:19:46  *** eisi has left #moin-dev
  15 2009-11-19T15:32:53  <dreimark> heda
  16 2009-11-19T16:58:48  <CIA-34> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 5295:93d19194d145 1.9/MoinMoin/parser/highlight.py: highlight parser: refer to HelpOnParsers, not HelpOnSyntaxHighlighting
  17 2009-11-19T17:12:37  <ThomasWaldmann> I merged that to reduce page count. Content was partially duplicated, was still missing from i18n/strings.py.
  18 2009-11-19T17:24:33  <dreimark> ThomasWaldmann: http://paste.pocoo.org/show/151227/ of course with the new name. Is that enough for getting it as a save link?
  19 2009-11-19T17:25:28  <ThomasWaldmann> i already told you that this smells like XSS
  20 2009-11-19T17:25:55  <ThomasWaldmann> thus "don't do that"
  21 2009-11-19T17:26:25  <dreimark> yes that's why I didn't do it.
  22 2009-11-19T17:26:35  <dreimark> but I ve not seen the message before
  23 2009-11-19T17:26:54  <ThomasWaldmann> what message?
  24 2009-11-19T17:27:13  <dreimark> 18:23 < ThomasWaldmann> that smell
  25 2009-11-19T17:27:47  <ThomasWaldmann> if you like to help: get HilfeZuParsern in sync with HelpOnParsers
  26 2009-11-19T17:29:42  <dreimark> i just want to understand first on which part the xss can happen. I haven't applied it because I thought the msg string must be carefully checked on any translated version (and i dislike this dependency)
  27 2009-11-19T17:31:37  <ThomasWaldmann> the problem is that you are changing formatter api. a string that was escaped through formatter.text() before would not get escaped any more.
  28 2009-11-19T17:31:57  <ThomasWaldmann> Thus someone relying on that until now would likely have xss in his code.
  29 2009-11-19T17:32:05  <ThomasWaldmann> (after that change)
  30 2009-11-19T17:33:15  <dreimark> this part of the code was added at http://hg.moinmo.in/moin/1.9/rev/a83a65fcbb69
  31 2009-11-19T17:33:47  <dreimark> the msg output wasn't there before Sun Nov 15 21:54:56 2009
  32 2009-11-19T17:38:54  <ThomasWaldmann> ok, then the api change itself is no problem, still fresh enough
  33 2009-11-19T17:39:26  <ThomasWaldmann> the question is then whether you want to offer that unescaped functionality, risking xss
  34 2009-11-19T17:40:17  <ThomasWaldmann> if the answer is yes, one would at least have to document that in the docstring that the msg string won't get escaped
  35 2009-11-19T17:40:52  <dreimark> I' ll look later again how the msg is done in the msg bar
  36 2009-11-19T17:44:50  <ThomasWaldmann> gtg/bbl
  37 2009-11-19T17:48:32  <CIA-34> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 5296:5830f61d4718 1.9/MoinMoin/i18n/ (43 files): updated i18n
  38 2009-11-19T18:19:42  * dreimark will look at the HilfeZuParsern page
  39 2009-11-19T18:34:26  <dreimark> gtg bbl
  40 2009-11-19T19:17:09  *** JosefMeier has quit IRC
  41 2009-11-19T19:54:00  *** grzywacz has joined #moin-dev
  42 2009-11-19T20:41:39  *** JosefMeier has joined #moin-dev
  43 2009-11-19T20:44:24  <JosefMeier> dreimark: Is the "package multiple pages" button planned to be included in moin 1.9 ?
  44 2009-11-19T21:57:24  *** dimazest has quit IRC
  45 2009-11-19T21:59:08  *** dimazest has joined #moin-dev
  46 2009-11-19T22:00:15  *** dimazest has joined #moin-dev
  47 2009-11-19T22:26:50  *** JosefMeier has quit IRC
  48 2009-11-19T22:27:08  *** JosefMeier has joined #moin-dev
  49 2009-11-19T23:05:42  <dreimark> JosefMeier: without a limitation rather not
  50 2009-11-19T23:06:23  <dreimark> if one gives a regex of .* for example and that many times
  51 2009-11-19T23:07:01  <dreimark> the server process or the server itselfs can be DOSed
MoinMoin: MoinMoinChat/Logs/moin-dev/2009-11-19 (last edited 2009-11-19 00:00:02 by IrcLogImporter)