diff options
author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-08-23 05:41:07 +0000 |
---|---|---|
committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-08-23 05:41:07 +0000 |
commit | 9d7375c3b263e77da29a5db22af480db8b99d990 (patch) | |
tree | 8cb9407a3893060b7868d8960db3ce0759092c2e /doc/security.mdwn | |
parent | 78b279c3d8c803391a5a4fc59ffd7855ce8bc5f5 (diff) |
* Allow preprocessor directives to contain python-like triple-quoted
text blocks, for easy nesting of quotes inside.
* Add a template plugin.
* Use the template plugin to add infoboxes to each plugin page listing basic
info about the plugin.
Diffstat (limited to 'doc/security.mdwn')
-rw-r--r-- | doc/security.mdwn | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn index f3567d155..dc763ef40 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -145,6 +145,13 @@ with a username containing html code (anymore). It's difficult to know for sure if all such avenues have really been closed though. +## HTML::Template security + +If the [[plugins/template]] plugin is enabled, users can modify templates +like any other part of the wiki. This assumes that HTML::Template is secure +when used with untrusted/malicious templates. (Note that includes are not +allowed, so that's not a problem.) + ---- # Fixed holes |