
ikiwiki's main outstanding security hole, lack of HTML sanitization, has now been addressed. ikiwiki now sanitizes HTML by default, using the [[plugins/htmlscrubber]] plugin.

If only trusted parties can edit your wiki's content, then you might want to turn this sanitization back off to allow use of potentially dangerous tags. To do so, pass `--disable-plugin=sanitize` or edit the plugins configuration in your [[ikiwiki.setup]].