response

2010-03-12 15:40:47 -05:00 · 2010-03-12 15:40:47 -05:00 · 08485ec444
parent afa930a9c4
commit 08485ec444
1 changed files with 7 additions and 0 deletions
--- a/doc/todo/finer_control_over_60object_4762s.mdwn
+++ b/doc/todo/finer_control_over_60object_4762s.mdwn
@ -27,6 +27,13 @@ For Ikiwiki, it may be nice to be able to restrict [URI's][URI] (as required by

 [[wishlist]]

+> SVG can contain embedded javascript. The spec that you link to contains
+> examples of objects that contain python scripts, Microsoft OLE 
+> objects, and Java. And then there's flash. I don't think ikiwiki can
+> assume all the possibilities are handled securely, particularly WRT XSS
+> attacks.
+> --[[Joey]]
+
 ## See also

 * [Objects, Images, and Applets in HTML documents][objects-html]