18 lines
788 B
Plaintext
18 lines
788 B
Plaintext
|
ikiwiki 2.32.3 released with [[toggle text="these changes"]]
|
||
|
[[toggleable text="""
|
||
|
* [ Josh Triplett ]
|
||
|
* Do not allow the about: URI scheme; some browsers interpret about:
|
||
|
URIs like a limited version of data: URIs. In particular, some
|
||
|
versions of Internet Explorer interpret arbitrary HTML content in
|
||
|
about: URIs.
|
||
|
* Also filter the attributes cite, longdesc, and usemap, which can contain
|
||
|
URIs.
|
||
|
* [ Joey Hess ]
|
||
|
* meta: Check that the urls provided for authorurl, permalink, and openid
|
||
|
are safe and can't contain javascript.
|
||
|
* [ Josh Triplett ]
|
||
|
* Match literal '.' in URI schemas containing '.', rather than matching any
|
||
|
character.
|
||
|
* Do not allow the steam: URI scheme.
|
||
|
* Allow the snews: URI scheme.
|
||
|
* Allow the smb: URI scheme."""]]
|