From metatracker at psf.upfronthosting.co.za  Mon Aug  3 18:51:40 2009
From: metatracker at psf.upfronthosting.co.za (Ezio Melotti)
Date: Mon, 03 Aug 2009 16:51:40 +0000
Subject: [Tracker-discuss] [issue296] XSS vulnerability in ok_message
In-Reply-To: <1248205874.61.0.225589760626.issue296@psf.upfronthosting.co.za>
Message-ID: <1249318300.26.0.303718099219.issue296@psf.upfronthosting.co.za>


Ezio Melotti <ezio.melotti at gmail.com> added the comment:

What's the point of putting those messages in the URL instead of generating them
server-side and put them directly in the HTML?
I would remove them altogether, they are annoying and also dangerous. Moreover I
don't see any advantage in having them in the URL and it looks to me like a
quick hack used to avoid writing a few more lines of code to handle these
messages properly.
I also usually have to copy the URL of the issue I just created/edited, and that
text make it more difficult to copy, because I have to select just the relevant
part. (The "clear this message" doesn't help either because it still leaves some
extra text in the URL.)

----------
nosy: +ezio.melotti

_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue296>
_______________________________________________________

From metatracker at psf.upfronthosting.co.za  Thu Aug 27 00:06:07 2009
From: metatracker at psf.upfronthosting.co.za (Hugh Thompson)
Date: Wed, 26 Aug 2009 22:06:07 +0000
Subject: [Tracker-discuss] [issue267] Make the 'remove' buttons less annoying
In-Reply-To: <1239158834.9.0.636756137699.issue267@psf.upfronthosting.co.za>
Message-ID: <1251324367.17.0.482264121933.issue267@psf.upfronthosting.co.za>


Hugh Thompson <hthompson at tmt.org> added the comment:

Not sure if you mind random folks from commenting on here.  I found your html
and python for the restore button and unlink auditor very helpful.  After a bit
of tweaking I got it working for me.  Thanks.  One problem I notice testing
this, is that the roundup message order "reverse" seems to fail after doing a
restore.  It seems that the order it is using is the date edited order rather
than the original date order (even though the original date is what is shown). 
Have you noticed this or is this just a problem I have because I don't know how
to do anything other than the default "reverse" ordering of messages?

----------
nosy: +hthompson

_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue267>
_______________________________________________________