diff options
author | Joey Hess <joey@kodama.kitenet.net> | 2008-03-03 16:07:46 -0500 |
---|---|---|
committer | Joey Hess <joey@kodama.kitenet.net> | 2008-03-03 16:07:46 -0500 |
commit | 713845f34223a0401e42b3b1299868db355e84c0 (patch) | |
tree | 62e0cdab6a9b9513f3388d2125fa03a54f298dde /doc/ikiwiki | |
parent | c9df38fe331824902dae237c7200f60a036aed00 (diff) |
response
Diffstat (limited to 'doc/ikiwiki')
-rw-r--r-- | doc/ikiwiki/formatting/discussion.mdwn | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/ikiwiki/formatting/discussion.mdwn b/doc/ikiwiki/formatting/discussion.mdwn index 0a729af51..0a8d6f567 100644 --- a/doc/ikiwiki/formatting/discussion.mdwn +++ b/doc/ikiwiki/formatting/discussion.mdwn @@ -7,3 +7,14 @@ In the HTML page I get this: while it the href="" attribute should also be encoded. --mike + +> The htmlscrubber removes entity encoding obfuscation from tag attributes +> This has to be done because such entity encoding can be used to hide +> javascript and other nonsense in html tag attributes. As a consequence, +> markdown's mail obfuscation is reverted. +> +> I don't really see this as a serious issue, because if I were working for +> a spammer, I would include entity decoding in my web spider that searched +> for emails. And I could do it easily, as evidenced by the code in the +> htmlscrubber that doe it. So I assume this technique is not very effective +> at blocking spam. --[[Joey]] |