From 0f28f310472a333134af63a18b73372f044b8278 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 26 Mar 2010 00:12:22 -0400 Subject: security? --- doc/plugins/contrib/pod/discussion.mdwn | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 doc/plugins/contrib/pod/discussion.mdwn (limited to 'doc/plugins/contrib/pod/discussion.mdwn') diff --git a/doc/plugins/contrib/pod/discussion.mdwn b/doc/plugins/contrib/pod/discussion.mdwn new file mode 100644 index 000000000..8f4b625ee --- /dev/null +++ b/doc/plugins/contrib/pod/discussion.mdwn @@ -0,0 +1,8 @@ +My one concern about this plugin is the `=for` markup in POD. + +> Some format names that formatters currently are known to +> accept include "roff", "man", "latex", "tex", "text", and "html". + +I don't know which of these [[!cpan Pod::Xml]] supports. If it currently +supports, or later support latex, that could be problimatic since that +could maybe be used to include files or run code. --[[Joey]] -- cgit v1.2.3 From 3cea3eb5da0a8f09a495deea9f2a2c73dc76deab Mon Sep 17 00:00:00 2001 From: "http://kerravonsen.dreamwidth.org/" Date: Fri, 26 Mar 2010 04:30:43 +0000 Subject: response --- doc/plugins/contrib/pod/discussion.mdwn | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'doc/plugins/contrib/pod/discussion.mdwn') diff --git a/doc/plugins/contrib/pod/discussion.mdwn b/doc/plugins/contrib/pod/discussion.mdwn index 8f4b625ee..76e858680 100644 --- a/doc/plugins/contrib/pod/discussion.mdwn +++ b/doc/plugins/contrib/pod/discussion.mdwn 
@@ -3,6 +3,8 @@ My one concern about this plugin is the `=for` markup in POD. > Some format names that formatters currently are known to > accept include "roff", "man", "latex", "tex", "text", and "html". -I don't know which of these [[!cpan Pod::Xml]] supports. If it currently +I don't know which of these [[!cpan Pod::Xhtml]] supports. If it currently supports, or later support latex, that could be problimatic since that could maybe be used to include files or run code. --[[Joey]] + +> I don't know, either; the documentation for [[!cpan Pod:Xhtml]] is silent on this subject. --[[KathrynAndersen]] -- cgit v1.2.3 From 6fd59908ba8f6999f63c94c918f8c309ed108f74 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 6 Apr 2010 14:06:29 -0400 Subject: comment --- doc/plugins/contrib/pod/discussion.mdwn | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'doc/plugins/contrib/pod/discussion.mdwn') diff --git a/doc/plugins/contrib/pod/discussion.mdwn b/doc/plugins/contrib/pod/discussion.mdwn index 76e858680..9187b1350 100644 --- a/doc/plugins/contrib/pod/discussion.mdwn +++ b/doc/plugins/contrib/pod/discussion.mdwn @@ -8,3 +8,7 @@ supports, or later support latex, that could be problimatic since that could maybe be used to include files or run code. --[[Joey]] > I don't know, either; the documentation for [[!cpan Pod:Xhtml]] is silent on this subject. --[[KathrynAndersen]] + +>> I'm afraid the only approach is to audit the existing code in the perl +>> module(s), and then hope nothing is added to them later that opens a +>> security hole. --[[Joey]] -- cgit v1.2.3
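Review bot: In the first commit ("security?"), the added line `I don't know which of these [[!cpan Pod::Xml]] supports.` names Pod::Xml, which the next commit in this series has to change to Pod::Xhtml; folding that correction into this commit would keep the wrong module name out of the history. The same paragraph has "later support latex" (should be "later supports") and "problimatic" (should be "problematic"). The `>`-quoted sentence listing the `=for` format names gives no source, so naming the document it comes from next to the quote would help anyone who later checks the formatter against that list.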
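Review bot: In the second commit ("response"), the added reply writes `[[!cpan Pod:Xhtml]]` with a single colon, while the line corrected in the same hunk uses `[[!cpan Pod::Xhtml]]`; as written the cpan shortcut is given a different name from the module under discussion, so it should use the double-colon form. The context line carrying "problimatic" is already being touched by this series and could be fixed at the same time.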
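Review bot: In the third commit ("comment"), the added `>>` paragraph says the only approach is to audit the Perl module(s), but it records neither whether that audit has been done nor what it should look for. The concern raised at the top of the page is specific: the `=for` format names, and latex in particular, which the first comment says could maybe be used to include files or run code. Stating here which of those formats the audit must confirm are not handled, and adding the result once someone has checked, would keep the security question from staying open-ended on the page.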