urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

briefly describe XSS issue

master
smcv 2016-03-22 02:45:03 -04:00 committed by admin
parent 2d1615c340
commit 4cee48b3ea
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/plugins/contrib/remark.mdwn
View File

@ -21,10 +21,11 @@ not elegantly). Clicking through to the slides works right, of course.
See [[Discussion#inline]]. See [[Discussion#inline]].
## Concern: safety of web-editing ## Problem: safety of web-editing
Even though `remarkpage.tmpl` has no action links, is it still possible This plugin is not currently safe for wikis where `.remark` pages can be
for someone to trick their way into web-editing a slide deck? And if edited by untrusted users; the [[plugins/htmlscrubber]] is unlikely to be
they do, is that dangerous? able to prevent cross-site scripting in this plugin. Make sure only trusted
(administrative) users can create or edit `.remark` pages.
See [[Discussion#editing]]. See [[Discussion#editing]].