summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/security.mdwn4
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 52d9d3dc0..770927e26 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -441,7 +441,7 @@ A fix was also backported to Debian etch, as version 2.53.5. I recommend
upgrading to one of these versions if your wiki can be edited by third
parties.
-## javascript insertation via insufficient htmlscrubbing of comments
+## javascript insertion via insufficient htmlscrubbing of comments
Kevin Riggle noticed that it was not possible to configure
`htmlscrubber_skip` to scrub comments while leaving unscubbed the text
@@ -454,7 +454,7 @@ preview or moderation of comments with such a configuration.
These problems were discovered on 12 November 2010 and fixed the same
hour with the release of ikiwiki 3.20101112. ([[!cve CVE-2010-1673]])
-## javascript insertation via insufficient checking in comments
+## javascript insertion via insufficient checking in comments
Dave B noticed that attempting to comment on an illegal page name could be
used for an XSS attack.