科技回声

ISTM the post has a somewhat nasty and judgmental tone. Instead of saying, "ha ha, gotcha!", an issue could have been filed on GitHub and it would have been quickly fixed. Instead, the OP seems to be publicity seeking. IMO, this isn't worthy of being on Hacker News.

>I am surprised this survived so long.Maybe it wouldn't survive that long if people opened issues for this sort of thing in appropriate places (perhaps <a href="https://github.com/python/docs-community">https://github.com/python/docs-community</a> ), rather than spontaneously expecting an underfunded open source project to think about the documentation of decades-old functionality that barely anyone would consider using for new code (and which has been removed in the latest version anyway).(At this scale, or anywhere close to it, the only OSS orgs I would consider not underfunded are Linux and Mozilla. And if you count non-code Creative Commons stuff, Wikimedia.)

"If you don't Read The Fine Manual then you are uninformed, if you read it you are disinformed." This is a gem! There should be more disclaimers in the documentation about potential vulnerabilities like XSS.

My first thought was "who's still using CGI?" then I read the docs:> Deprecated since version 3.11, will be removed in version 3.13

does it count as cross site scripting if there is no way to send the result to someone else?

My first thought was "who's still using CGI?" then I read the docs:> Deprecated since version 3.11, will be removed in version 3.13

does it count as cross site scripting if there is no way to send the result to someone else?

Python's official documentation contains textbook example of insecure code (XSS)

5 条评论

Python's official documentation contains textbook example of insecure code (XSS)

5 条评论