diff options
| -rw-r--r-- | doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn index 30f9f7d0a..0fa79a1b7 100644 --- a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn +++ b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn @@ -28,9 +28,11 @@ I can also submit a Git patch, if desired. It might be doable to add references to pages that refer to the page containg the forwarding statement also to the referred-to page. - --[[tschwinge]] + +# Discussion + > The html scrubber cannot scrub meta headers. So if you emit one > containing user-supplied data, it's up to you to scrub it to avoid all > possible XSS attacks. Two attacks I'd worry about are cyclic meta refresh |