diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/ikiwiki/directive/meta.mdwn | 4 | ||||
| -rw-r--r-- | doc/security.mdwn | 11 |
2 files changed, 15 insertions, 0 deletions
diff --git a/doc/ikiwiki/directive/meta.mdwn b/doc/ikiwiki/directive/meta.mdwn index d66e26fc4..50aaf66be 100644 --- a/doc/ikiwiki/directive/meta.mdwn +++ b/doc/ikiwiki/directive/meta.mdwn @@ -77,6 +77,10 @@ Supported fields: \[[!meta stylesheet=somestyle rel="alternate stylesheet" title="somestyle"]] + + However, this will be scrubbed away if the + [[!iki plugins/htmlscrubber desc=htmlscrubber]] plugin is enabled, + since it can be used to insert unsafe content. * openid diff --git a/doc/security.mdwn b/doc/security.mdwn index 770927e26..2b387ac23 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -463,3 +463,14 @@ This hole was discovered on 22 Jan 2011 and fixed the same day with the release of ikiwiki 3.20110122. A fix was backported to Debian squeeze, as version 3.20100815.5. An upgrade is recommended for sites with the comments plugin enabled. ([[!cve CVE-2011-0428]]) + +## possible javascript insertion via insufficient htmlscrubbing of alternate stylesheets + +Tango noticed that 'meta stylesheet` directives allowed anyone +who could upload a malicious stylesheet to a site to add it to a +page as an alternate stylesheet. In order to be exploited, the user +would have to select the alternative stylesheet in their browser. + +This hole was discovered on 28 Mar 2011 and fixed the same hour with +the release of ikiwiki 3.20110328. An upgrade is recommended for sites +that have untrusted committers, or have the attachments plugin enabled. |