[Plone-UI] Re: Skinny 0.4 no longer leaks Plone views
Daniel Nouri
daniel.nouri at gmail.com
Fri Apr 17 13:46:03 UTC 2009
Martin Aspeli writes:
> Daniel Nouri wrote:
>> Hi (and sorry for cross-posting),
>>
>> I've fixed Skinny's problem of leaking Plone views like
>> '/folder_listing' and friends.
>
> Just curious - how did you achieve this?
Using plone.postpublicationhook. Which is what I think you suggested at
some point.
The implementation allows anything that has gone through the main view
(and thus has been marked as IPublicLayerOK), plus anything that has
"/++resource++skinny/" in it. I've thought about whitelisting anything
that doesn't have a header content type of "text/html" instead, but I
guess both work equally well.
http://dev.plone.org/collective/changeset/84413
--
http://danielnouri.org
More information about the UI
mailing list