diff options
author | Joey Hess <joey@gnu.kitenet.net> | 2010-04-10 15:29:31 -0400 |
---|---|---|
committer | Joey Hess <joey@gnu.kitenet.net> | 2010-04-10 15:29:31 -0400 |
commit | d2c36a6f4b8b4bf30d59c430893a88352ac208fc (patch) | |
tree | 4f2e65ed98f10c9de0e15fc83565e0b0d5348b54 /doc/bugs | |
parent | 1004e6c739aaf2d66acd41e5a8a8fc3b6d4ba2c1 (diff) | |
download | ikiwiki-d2c36a6f4b8b4bf30d59c430893a88352ac208fc.tar ikiwiki-d2c36a6f4b8b4bf30d59c430893a88352ac208fc.tar.gz |
close
Diffstat (limited to 'doc/bugs')
-rw-r--r-- | doc/bugs/some_but_not_all_meta_fields_are_stored_escaped.mdwn | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/bugs/some_but_not_all_meta_fields_are_stored_escaped.mdwn b/doc/bugs/some_but_not_all_meta_fields_are_stored_escaped.mdwn index 8e1ca42e0..587771ba4 100644 --- a/doc/bugs/some_but_not_all_meta_fields_are_stored_escaped.mdwn +++ b/doc/bugs/some_but_not_all_meta_fields_are_stored_escaped.mdwn @@ -20,6 +20,9 @@ Points of extra subtlety: that that's what Xapian wants anyway (which is why I didn't change it), but I could be wrong... + > AFAICS, this if anything, fixes a bug, xapian definitely expects + > unescaped text here. --[[Joey]] + * Page descriptions in the HTML `<head>` were previously double-escaped: the description was stored escaped with numeric entities, then that was output with a second layer of escaping! In this branch, I just emit @@ -37,3 +40,5 @@ Points of extra subtlety: contained markup could appear unescaped on any page that inlines them in `quick=yes` mode, and is rebuilt for some other reason. The failure mode here would be too little escaping, i.e. cross-site scripting. + +[[!tag done]] |