blob: 3d0177a52af5360ad774d1d696d38a7c7c9576cb (
plain)
ikiwiki 2.32.3 released with [[toggle text="these changes"]]
[[toggleable text="""
- [ Josh Triplett ]
- Do not allow the about: URI scheme; some browsers interpret about:
URIs like a limited version of data: URIs. In particular, some
versions of Internet Explorer interpret arbitrary HTML content in
about: URIs.
- Also filter the attributes cite, longdesc, and usemap, which can contain
URIs.
- [ Joey Hess ]
- meta: Check that the urls provided for authorurl, permalink, and openid
are safe and can't contain javascript.
- [ Josh Triplett ]
- Match literal '.' in URI schemas containing '.', rather than matching any
character.
- Do not allow the steam: URI scheme.
- Allow the snews: URI scheme.
- Allow the smb: URI scheme."""]]
|
