summaryrefslogtreecommitdiff
path: root/doc/todo
diff options
context:
space:
mode:
authorJoey Hess <joey@wren.kitenet.net>2007-11-13 14:14:24 -0500
committerJoey Hess <joey@wren.kitenet.net>2007-11-13 14:14:24 -0500
commitd47b4ae39f848a09e71cf194556ea276d1489349 (patch)
treedea03a73b9bc74441447b10409bde855a1c5d834 /doc/todo
parent1bdad3513c40f60f75248dd7ac1ed7638ed1ed2a (diff)
web commit by tschwinge: Add a *Discussion* header.
Diffstat (limited to 'doc/todo')
-rw-r--r--doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn4
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn
index 30f9f7d0a..0fa79a1b7 100644
--- a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn
+++ b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn
@@ -28,9 +28,11 @@ I can also submit a Git patch, if desired.
It might be doable to add references to pages that refer to the page containg
the forwarding statement also to the referred-to page.
-
--[[tschwinge]]
+
+# Discussion
+
> The html scrubber cannot scrub meta headers. So if you emit one
> containing user-supplied data, it's up to you to scrub it to avoid all
> possible XSS attacks. Two attacks I'd worry about are cyclic meta refresh