diff options
author | intrigeri <intrigeri@boum.org> | 2010-06-25 23:18:34 +0200 |
---|---|---|
committer | intrigeri <intrigeri@boum.org> | 2010-06-25 23:18:57 +0200 |
commit | a128c256a51392fcf752bf612d83a90e8c68027e (patch) | |
tree | bb7e9a73df42d589cabe4dc09ce269e5936f9b29 /doc | |
parent | 903a71c1b9d71bcd10442bee695da6efd4ec953d (diff) |
po: added support for html pagetype
... after having audited the po4a Xml and Xhtml modules for security issues.
Signed-off-by: intrigeri <intrigeri@boum.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/plugins/po.mdwn | 10 | ||||
-rw-r--r-- | doc/plugins/po/discussion.mdwn | 17 |
2 files changed, 22 insertions, 5 deletions
diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn index 576d36ec1..585e14383 100644 --- a/doc/plugins/po.mdwn +++ b/doc/plugins/po.mdwn @@ -213,16 +213,16 @@ preferred `$EDITOR`, without needing to be online. Markup languages support ------------------------ -[[Markdown|mdwn]] is well supported. Some other markup languages supported -by ikiwiki mostly work, but some pieces of syntax are not rendered -correctly on the slave pages: +[[Markdown|mdwn]] and [[html]] are well supported. Some other markup +languages supported by ikiwiki mostly work, but some pieces of syntax +are not rendered correctly on the slave pages: * [[reStructuredText|rst]]: anonymous hyperlinks and internal cross-references * [[wikitext]]: conversion of newlines to paragraphs * [[creole]]: verbatim text is wrapped, tables are broken -* [[html]] and LaTeX: not supported yet; the dedicated po4a modules - could be used to support them, but they would need a security audit +* LaTeX: not supported yet; the dedicated po4a module + could be used to support it, but it would need a security audit * other markup languages have not been tested. Security diff --git a/doc/plugins/po/discussion.mdwn b/doc/plugins/po/discussion.mdwn index 27683f1ea..73858c818 100644 --- a/doc/plugins/po/discussion.mdwn +++ b/doc/plugins/po/discussion.mdwn @@ -150,6 +150,23 @@ The following analysis was done with his help. variables; according to [[Joey]], this is "Freaky code, but seems ok due to use of `quotementa`". +##### Locale::Po4a::Xhtml + +* does not run any external program +* does not build regexp's from untrusted variables + +=> Seems safe as far as the `includessi` option is disabled; the po +plugin explicitly disables it. + +Relies on Locale::Po4a::Xml` to do most of the work. + +##### Locale::Po4a::Xml + +* does not run any external program +* the `includeexternal` option makes it able to read external files; + the po plugin explicitly disables it +* untrusted variables are escaped when used to build regexp's + ##### Text::WrapI18N `Text::WrapI18N` can cause DoS |