<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Steve,<br>
<blockquote type="cite"
cite="mid:CAMrKZ98PGB6mE1r-W9CyL3L=-xePPku9emnkGD1u5QNLqFnA+g@mail.gmail.com">
<div dir="ltr">
<div>I'm interested in what folks think about the Inja
templating/includes issues detailed in the Security
Considerations -&gt; Template Handling section.</div>
</div>
</blockquote>
Templates are supposed to be under full control of the MapServer
administrator, and not users triggering the API, right? So I'm not
sure what actual security issue there is.<br>
<blockquote type="cite"
cite="mid:CAMrKZ98PGB6mE1r-W9CyL3L=-xePPku9emnkGD1u5QNLqFnA+g@mail.gmail.com">
<div dir="ltr">
<div><span
style="color:rgb(62,67,73);font-family:Arial,sans-serif;font-size:12.8px"><i><b>task:</b>
add ows_contact* information to the landing page (from the
associated values set in the mapfile)</i></span></div>
</div>
</blockquote>
Probably done per
<a class="moz-txt-link-freetext" href="https://github.com/MapServer/MapServer/pull/6180/commits/246e52e9884c0d83373c21afb0d45d3b9850b1dd#diff-9b6e48b47f13dba7ffabed64a2061ed7c8fe48c202ec1c7c5277b9cf95ecac86R26">https://github.com/MapServer/MapServer/pull/6180/commits/246e52e9884c0d83373c21afb0d45d3b9850b1dd#diff-9b6e48b47f13dba7ffabed64a2061ed7c8fe48c202ec1c7c5277b9cf95ecac86R26</a>
and
<a class="moz-txt-link-freetext" href="https://github.com/MapServer/MapServer/pull/6180/commits/246e52e9884c0d83373c21afb0d45d3b9850b1dd#diff-46e72d45fbe7adb5c2df20d7e4a963164b077f5505152841bdd6a2ce022ac42dR1166">https://github.com/MapServer/MapServer/pull/6180/commits/246e52e9884c0d83373c21afb0d45d3b9850b1dd#diff-46e72d45fbe7adb5c2df20d7e4a963164b077f5505152841bdd6a2ce022ac42dR1166</a><br>
<blockquote type="cite"
cite="mid:CAMrKZ98PGB6mE1r-W9CyL3L=-xePPku9emnkGD1u5QNLqFnA+g@mail.gmail.com">
<div dir="ltr">
<div>I don't think contact information is part of the core
specification, is it? I see pygeoapi does support it but is
there a standard approach...</div>
</div>
</blockquote>
<p>It is used for the /api endpoint and is optional.</p>
<p>Anyway, regarding other items in the wishlist, we should merge
the current work ASAP and deal with further changes as increments
/ tickets.<br>
</p>
--
<pre class="moz-signature" cols="72"><a class="moz-txt-link-freetext" href="http://www.spatialys.com">http://www.spatialys.com</a>
My software is free, but my time generally not.</pre>
</body>
</html>