diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/plugins/meta.mdwn | 3 | ||||
| -rw-r--r-- | doc/security.mdwn | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/doc/plugins/meta.mdwn b/doc/plugins/meta.mdwn index 0696dc08e..479d62c43 100644 --- a/doc/plugins/meta.mdwn +++ b/doc/plugins/meta.mdwn @@ -85,6 +85,9 @@ Supported fields: However, this latter syntax won't be allowed if the [[htmlscrubber]] is enabled, since it can be used to insert unsafe content. + For both cases, an anchor to jump to inside the destination page may also be + specified using the common `PAGE#ANCHOR` syntax. + If the field is not one of the above predefined fields, the metadata will be written to the generated html page as a <meta> header. However, this won't be allowed if the [[htmlscrubber]] is enabled, since it can be used to diff --git a/doc/security.mdwn b/doc/security.mdwn index 6e1d56a52..c51cd5b95 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -341,7 +341,7 @@ There are at least two configurations where this is exploitable: notice. This security hole was discovered on 26 November 2007 and fixed the same -da with the release of ikiwiki 2.14. I recommend upgrading to this version +day with the release of ikiwiki 2.14. I recommend upgrading to this version if your wiki can be committed to by third parties. Alternatively, don't use a trailing slash in the srcdir, and avoid the (unusual) configurations that allow the security hole to be exploited. |