diff options
author | intrigeri <intrigeri@boum.org> | 2010-06-25 23:18:34 +0200 |
---|---|---|
committer | intrigeri <intrigeri@boum.org> | 2010-06-25 23:18:57 +0200 |
commit | a128c256a51392fcf752bf612d83a90e8c68027e (patch) | |
tree | bb7e9a73df42d589cabe4dc09ce269e5936f9b29 /doc/plugins/po | |
parent | 903a71c1b9d71bcd10442bee695da6efd4ec953d (diff) |
po: added support for html pagetype
... after having audited the po4a Xml and Xhtml modules for security issues.
Signed-off-by: intrigeri <intrigeri@boum.org>
Diffstat (limited to 'doc/plugins/po')
-rw-r--r-- | doc/plugins/po/discussion.mdwn | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/plugins/po/discussion.mdwn b/doc/plugins/po/discussion.mdwn index 27683f1ea..73858c818 100644 --- a/doc/plugins/po/discussion.mdwn +++ b/doc/plugins/po/discussion.mdwn @@ -150,6 +150,23 @@ The following analysis was done with his help. variables; according to [[Joey]], this is "Freaky code, but seems ok due to use of `quotementa`". +##### Locale::Po4a::Xhtml + +* does not run any external program +* does not build regexp's from untrusted variables + +=> Seems safe as far as the `includessi` option is disabled; the po +plugin explicitly disables it. + +Relies on Locale::Po4a::Xml` to do most of the work. + +##### Locale::Po4a::Xml + +* does not run any external program +* the `includeexternal` option makes it able to read external files; + the po plugin explicitly disables it +* untrusted variables are escaped when used to build regexp's + ##### Text::WrapI18N `Text::WrapI18N` can cause DoS |