diff options
| author | Joey Hess <joey@kitenet.net> | 2010-04-23 17:38:37 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2010-04-23 17:38:37 -0400 |
| commit | 1473bf84c525d18f933fa2dcae86628af9dfff76 (patch) | |
| tree | ac760f0b37a74a22cfa7639a5af8b37029edd8c1 | |
| parent | 33b0a69e90f4c2e22fe0e0c812836a2eb661c6d2 (diff) | |
update re template change
| -rw-r--r-- | doc/security.mdwn | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn index 21aef316b..34a005239 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -162,10 +162,11 @@ closed though. ## HTML::Template security -If the [[plugins/template]] plugin is enabled, users can modify templates -like any other part of the wiki. This assumes that HTML::Template is secure +If the [[plugins/template]] plugin is enabled, all users can modify templates +like any other part of the wiki. Some trusted users can modify templates +without it too. This assumes that HTML::Template is secure when used with untrusted/malicious templates. (Note that includes are not -allowed, so that's not a problem.) +allowed.) ---- |