diff options
| author | Joey Hess <joey@wren.kitenet.net> | 2007-11-13 14:14:24 -0500 |
|---|---|---|
| committer | Joey Hess <joey@wren.kitenet.net> | 2007-11-13 14:14:24 -0500 |
| commit | d47b4ae39f848a09e71cf194556ea276d1489349 (patch) | |
| tree | dea03a73b9bc74441447b10409bde855a1c5d834 /doc/todo | |
| parent | 1bdad3513c40f60f75248dd7ac1ed7638ed1ed2a (diff) | |
web commit by tschwinge: Add a *Discussion* header.
Diffstat (limited to 'doc/todo')
| -rw-r--r-- | doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn index 30f9f7d0a..0fa79a1b7 100644 --- a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn +++ b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn @@ -28,9 +28,11 @@ I can also submit a Git patch, if desired. It might be doable to add references to pages that refer to the page containg the forwarding statement also to the referred-to page. - --[[tschwinge]] + +# Discussion + > The html scrubber cannot scrub meta headers. So if you emit one > containing user-supplied data, it's up to you to scrub it to avoid all > possible XSS attacks. Two attacks I'd worry about are cyclic meta refresh |