Check content of the string to identify potentially unsafe content in the provided string. The content is unsafe, when it contains externally provided content, which might be provided e.g. via query variables, or via user values stored in the database. When such content contains square braces, a "subst" command on theses can evaluate arbitrary commands, which is dangerous.
The new API call is used in "::xo::Package->return_page", where the "subst" command stripped from its command substitution capabilities. In case, command subsitution is needed, perform this prior this call.
bumped acs-tcl to 5.10.1d23 bumped xotcl-core to 5.10.1d13
Loading ...