diff options
author | Joey Hess <joey@kitenet.net> | 2011-03-28 12:21:12 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2011-03-28 12:21:12 -0400 |
commit | be02a80b7a19f3c33a8ea42c0750d94e0a91206f (patch) | |
tree | 1ffc2ec9905bf2662c9766d95e96430959ef2d2d /doc/ikiwiki/directive | |
parent | a0e31f38d55f659ed9ef07ce16482308807435f8 (diff) |
meta: Security fix; don't allow alternative stylesheets to be added on pages where the htmlscrubber is enabled.
Diffstat (limited to 'doc/ikiwiki/directive')
-rw-r--r-- | doc/ikiwiki/directive/meta.mdwn | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/ikiwiki/directive/meta.mdwn b/doc/ikiwiki/directive/meta.mdwn index d66e26fc4..50aaf66be 100644 --- a/doc/ikiwiki/directive/meta.mdwn +++ b/doc/ikiwiki/directive/meta.mdwn @@ -77,6 +77,10 @@ Supported fields: \[[!meta stylesheet=somestyle rel="alternate stylesheet" title="somestyle"]] + + However, this will be scrubbed away if the + [[!iki plugins/htmlscrubber desc=htmlscrubber]] plugin is enabled, + since it can be used to insert unsafe content. * openid |