[TYPO3-core] RFC: Add external RemoveXSS library to TYPO3

Michael Stucki michael at typo3.org
Sat Sep 22 18:09:13 CEST 2007


Hi Thorsten,

ok, thanks for your feedback. So far I asked two people about their opinion, 
however, as the name says, it is just an opinion. We probably need an expert 
for this...

Anyway, I think that unless someone can clarify this very quickly, we should 
stop discussing it here and move the discussion to the dev list...

So who knows the answer?

- michael

Thorsten Kahler wrote on Saturday 22 September 2007:
> Hi all,
>
> I didn't take notice of that lib before so I can't say anything about its
> quality and reliability. In general I'd vote for including tested and
> approved external libraries for security purposes.
>
> When taking a first look at the patch I came across the notice "Used with
> permission by the author.". So the licence question came to my mind. How is
> the code licensed? And do we have the author's permission to include it in
> TYPO3?
>
> Best regards to all of you who enjoy their time in Karlsruhe,
> Thorsten
>
> Michael Stucki wrote on 22.09.2007 17:37:
> > Hi guys,
> >
> > Lars Houmark asked me on behalf of the security team if we could add this
> > function to TYPO3.
> >
> > It's about removing XSS code from any input string. It seems to work very
> > well, therefore we should start using it as soon as it's committed.
> >
> > Branches: Trunk only
> >
> > - michael