Overview

This hotfix product fixes a security bug in Page Templates. This fix ensures that values substituted in named slots in translated elements are properly encoded. If encoding is not desired and the source of the replacement text is trusted, the "structure" modifier can be used with the tal:content or tal:replace attribute to explicitly disable encoding.

Affected Versions

This fix applies to Zope 2.7.0 and 2.7.1. Zope versions 2.7.2 and newer already contain this fix, and do not require this hotfix.

This fix also obsoletes Hotfix_20040713, so that should be uninstalled when this hotfix is installed. See the README.txt file provided with Hotfix_20040713 for instructions on removing that hotfix.

Getting the Hotfix

This hotfix product can be downloaded from: http://zope.org/Products/Zope/Hotfix_2004-07-14/Zope 2.7.0 - 2.7.1/.