summaryrefslogtreecommitdiff
path: root/doc/bugs/attachment_plugin_enabled_by_default__63__.mdwn
diff options
context:
space:
mode:
authorJosh Triplett <josh@joshtriplett.org>2009-08-28 23:07:27 -0700
committerJosh Triplett <josh@joshtriplett.org>2009-08-28 23:18:07 -0700
commit9f75d3b1f3c43820cff9ce554601f64c60d72b14 (patch)
tree0b8907816f99d63ac9579c9a56ad05bd1beb1abc /doc/bugs/attachment_plugin_enabled_by_default__63__.mdwn
parent03449610d6c666ba24bea68f01d896613e522278 (diff)
teximg: Make TeX handle preventing unsafe things; remove insufficient blacklist
TeX has configuration options that prevent unsafe things like shell escapes and insecure file reads/writes. Turn all of them on. teximg's regex-based blacklist does not suffice. For instance: [[!teximg code=""" \catcode`\%=0 %input{/etc/passwd} """]] Remove the blacklist, since the TeX configuration options seal off the underlying mechanisms more safely, and the blacklist blocks other TeX commands that can prove useful.
Diffstat (limited to 'doc/bugs/attachment_plugin_enabled_by_default__63__.mdwn')
0 files changed, 0 insertions, 0 deletions