summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess <joey@kitenet.net>2010-04-23 17:38:37 -0400
committerJoey Hess <joey@kitenet.net>2010-04-23 17:38:37 -0400
commit1473bf84c525d18f933fa2dcae86628af9dfff76 (patch)
treeac760f0b37a74a22cfa7639a5af8b37029edd8c1
parent33b0a69e90f4c2e22fe0e0c812836a2eb661c6d2 (diff)
update re template change
-rw-r--r--doc/security.mdwn7
1 files changed, 4 insertions, 3 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 21aef316b..34a005239 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -162,10 +162,11 @@ closed though.
## HTML::Template security
-If the [[plugins/template]] plugin is enabled, users can modify templates
-like any other part of the wiki. This assumes that HTML::Template is secure
+If the [[plugins/template]] plugin is enabled, all users can modify templates
+like any other part of the wiki. Some trusted users can modify templates
+without it too. This assumes that HTML::Template is secure
when used with untrusted/malicious templates. (Note that includes are not
-allowed, so that's not a problem.)
+allowed.)
----