author Joey Hess <joey@kodama.kitenet.net> 2007-11-12 14:14:00 -0500
committer Joey Hess <joey@kodama.kitenet.net> 2007-11-12 14:14:00 -0500
commit d9e9e474a8df4abf14ca2d0a4d673f9af8812e13 (patch)
tree 22b42bfd90a9bd5e6970c9d0968ff1298f9bcddf
parent c8bf872775f3eb53b99b575c2ca5bd1c39d8b38c (diff)
security issues
-rw-r--r-- doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn 9
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn
index 30bcbd58f..5cd4def38 100644
--- a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn
+++ b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn
@@ -24,3 +24,12 @@ I can also submit a Git patch, if desired.
--[[tschwinge]]
+
+> The html scrubber cannot scrub meta headers. So if you emit one
+> containing user-supplied data, it's up to you to scrub it to avoid all
+> possible XSS attacks. Two attacks I'd worry about are cyclic meta refresh
+> loops, which some, but not all web browsers detect and break, and any way
+> to insert javascript via the user-supplied parameters. (Ie, putting
+> something in the delay value that closes the tag can probably insert
+> javascript ATM; and are there ways to embed javascript in the url?)
+> --[[Joey]]
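Review bot: the parenthetical in the last three added lines leaves both of its questions open ("can probably insert javascript ATM" and "are there ways to embed javascript in the url?"), so a reader of this todo cannot tell what a forwarding patch has to do before it can be accepted. Suggest stating the requirement directly: the delay is accepted only when it is a plain non-negative integer, and the URL is escaped for the attribute context and limited to an allowlist of schemes such as http and https, which settles the javascript-in-URL question without having to enumerate browser behaviour. The cyclic refresh loop is named as a concern in the third and fourth added lines, but no mitigation is proposed; a sentence on whether the plugin should refuse a forward that points back at the same page, or allow forwards only to pages inside the wiki, would make that actionable. Minor: "Ie" should read "I.e." and "ATM" is clearer spelled out.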