-rw-r--r-- doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn 4
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn
index 30f9f7d0a..0fa79a1b7 100644
--- a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn
+++ b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn
@@ -28,9 +28,11 @@ I can also submit a Git patch, if desired.
It might be doable to add references to pages that refer to the page containg
the forwarding statement also to the referred-to page.
-
--[[tschwinge]]
+
+# Discussion
+
> The html scrubber cannot scrub meta headers. So if you emit one
> containing user-supplied data, it's up to you to scrub it to avoid all
> possible XSS attacks. Two attacks I'd worry about are cyclic meta refresh
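Review bot: The blank line removed just above `--[[tschwinge]]` leaves the signature directly under "the forwarding statement also to the referred-to page.", so Markdown will fold it into that paragraph instead of rendering it as a separate signature line. Keep the blank line before the signature and add the new one after it as well; the `# Discussion` heading then still separates the signed proposal from the quoted reply about scrubbing meta headers.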