[Product-Developers] Links in StatusMessages

Richard Mitchell richard.j.mitchell at gmail.com
Thu Aug 23 16:57:07 UTC 2012


Hi Philip,

>From a security point of view, I would recommend against this, as this
would expose a cross-site-scripting attack in some configurations.

Thanks,
Richard

On Thu, Aug 23, 2012 at 5:35 PM, Philip Bauer <bauer at starzel.de> wrote:

> Hi all,
>
> there doesn't seem to be a way to include links in statusmessages. Since
> the template global_statusmessage.pt that renders the messages does
> tal:content="message/message" instead of tal:content="structure
> message/message" the links don't get rendered.
>
> I changed this by customizing the template. Might there be a better way?
> Or might it be a good idea to change this template by default?
>
> The are some cases in plone where links are used but they are rendered by
> hand in templates (e.g.
> plone.app.portlets/plone/app/portlets/browser/templates/
> manage-contextual.pt and Archetypes/skins/archetypes/edit_macros.pt).
> This is not possible in my use-case. I use it in
> https://github.com/starzel/starzel.firstitem
>
> cheers,
> Philip
>
> --
> Starzel.de
> Philip Bauer
> Adlzreiterstr. 35
> 80337 München
> Tel: 089 - 189 29 533
> Fax: 089 - 189 29 535
> bauer at starzel.de
> www.starzel.de
>
> _______________________________________________
> Product-Developers mailing list
> Product-Developers at lists.plone.org
> https://lists.plone.org/mailman/listinfo/plone-product-developers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plone.org/pipermail/plone-product-developers/attachments/20120823/019fd5d6/attachment.html>


More information about the Product-Developers mailing list