* Allow preprocessor directives to contain python-like triple-quoted

text blocks, for easy nesting of quotes inside. * Add a template plugin. * Use the template plugin to add infoboxes to each plugin page listing basic info about the plugin.
author: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-08-23 05:41:07 +0000
committer: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-08-23 05:41:07 +0000
commit: 9d7375c3b263e77da29a5db22af480db8b99d990 (patch)
tree: 8cb9407a3893060b7868d8960db3ce0759092c2e /doc/security.mdwn
parent: 78b279c3d8c803391a5a4fc59ffd7855ce8bc5f5 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index f3567d155..dc763ef40 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -145,6 +145,13 @@ with a username containing html code (anymore).
 It's difficult to know for sure if all such avenues have really been
 closed though.
 
+## HTML::Template security
+
+If the [[plugins/template]] plugin is enabled, users can modify templates
+like any other part of the wiki. This assumes that HTML::Template is secure
+when used with untrusted/malicious templates. (Note that includes are not
+allowed, so that's not a problem.)
+
 ----
 
 # Fixed holes
author	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-08-23 05:41:07 +0000
committer	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-08-23 05:41:07 +0000
commit	9d7375c3b263e77da29a5db22af480db8b99d990 (patch)
tree	8cb9407a3893060b7868d8960db3ce0759092c2e /doc/security.mdwn
parent	78b279c3d8c803391a5a4fc59ffd7855ce8bc5f5 (diff)