From be02a80b7a19f3c33a8ea42c0750d94e0a91206f Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kitenet.net>
Date: Mon, 28 Mar 2011 12:21:12 -0400
Subject: meta: Security fix; don't allow alternative stylesheets to be added
 on pages where the htmlscrubber is enabled.

---
 doc/ikiwiki/directive/meta.mdwn | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'doc/ikiwiki/directive')

diff --git a/doc/ikiwiki/directive/meta.mdwn b/doc/ikiwiki/directive/meta.mdwn
index d66e26fc4..50aaf66be 100644
--- a/doc/ikiwiki/directive/meta.mdwn
+++ b/doc/ikiwiki/directive/meta.mdwn
@@ -77,6 +77,10 @@ Supported fields:
 
 	\[[!meta stylesheet=somestyle rel="alternate stylesheet"
 	title="somestyle"]]
+  
+  However, this will be scrubbed away if the 
+  [[!iki plugins/htmlscrubber desc=htmlscrubber]] plugin is enabled,
+  since it can be used to insert unsafe content.
 
 * openid
 
-- 
cgit v1.2.3