author joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-02-19 22:52:54 +0000
committer joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-02-19 22:52:54 +0000
commit aa5c6c94fde1fc9d15a0ddc1189e1f273e0371e1
tree 21ce7aa35ad038dbd0280564eb9505afb292f5f3
parent bed393066a074a09d57bca7bfb38e53efa3ddb03
web commit by JoshTriplett
-rw-r--r-- doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn 1
1 files changed, 1 insertions, 0 deletions
diff --git a/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn b/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn
new file mode 100644
index 000000000..832ae8363
--- /dev/null
+++ b/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn
@@ -0,0 +1 @@
+In style.css, please don't refer to the OpenID image on an external site. This reference allows that site to track users of ikiwikis and other sites supporting OpenID. Furthermore, this reference also opens up cross-site scripting vulnerabilities if the external site did something malicious. If the image has a Free Software license, please include it in ikiwiki, in the basewiki (preferably converted from gif to png). If the image does not have a Free Software license, please omit it, and allow users to choose to add it to their CSS themselves if they find the risks acceptable. --[[JoshTriplett]] \ No newline at end of file
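Review bot: the added line asks for a change to style.css but never names the CSS rule or the external URL it refers to, so whoever picks up the bug has to search the stylesheet for it; quote the selector and the url(...) value in the report. The cross-site scripting sentence also gives no mechanism for how a referenced image would lead to script running in the wiki's origin, which makes that part harder to triage than the tracking concern; either state the mechanism or keep the report to the third-party request and the tracking it enables. The file also ends without a trailing newline, which is worth fixing in the same edit.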