[triangle-zpug] Plone 2.1 demo

Chris Calloway cbc at unc.edu
Thu Sep 15 00:43:36 CEST 2005

Found a nasty feature in Plone 2.1. Iframes (and some other tags) are 
not allowed in Plone 2.1 pages for fear of cross-scripting 
vulnerability. This is only something to worry about in public site. To 
fix is, add iframes to the list of "VALID_TAGS" in CMFDefault.util.py. 
Here's a rejected collector issue on the subject:



Chris Calloway
office: 17-6 Venable Hall   phone: (919) 962-4323
mail: Campus Box #3300, UNC-CH, Chapel Hill, NC 27599

More information about the triangle-zpug mailing list