response

author: Joey Hess <joey@kodama.kitenet.net> 2008-03-03 16:07:46 -0500
committer: Joey Hess <joey@kodama.kitenet.net> 2008-03-03 16:07:46 -0500
commit: 713845f34223a0401e42b3b1299868db355e84c0 (patch)
tree: 62e0cdab6a9b9513f3388d2125fa03a54f298dde /doc/ikiwiki/formatting
parent: c9df38fe331824902dae237c7200f60a036aed00 (diff)
download: ikiwiki-713845f34223a0401e42b3b1299868db355e84c0.tar
ikiwiki-713845f34223a0401e42b3b1299868db355e84c0.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/ikiwiki/formatting/discussion.mdwn b/doc/ikiwiki/formatting/discussion.mdwn
index 0a729af51..0a8d6f567 100644
--- a/doc/ikiwiki/formatting/discussion.mdwn
+++ b/doc/ikiwiki/formatting/discussion.mdwn
@@ -7,3 +7,14 @@ In the HTML page I get this:
 while it the href="" attribute should also be encoded.
 
 --mike
+
+> The htmlscrubber removes entity encoding obfuscation from tag attributes
+> This has to be done because such entity encoding can be used to hide
+> javascript and other nonsense in html tag attributes. As a consequence,
+> markdown's mail obfuscation is reverted.
+> 
+> I don't really see this as a serious issue, because if I were working for
+> a spammer, I would include entity decoding in my web spider that searched
+> for emails. And I could do it easily, as evidenced by the code in the
+> htmlscrubber that doe it. So I assume this technique is not very effective
+> at blocking spam. --[[Joey]]
author	Joey Hess <joey@kodama.kitenet.net>	2008-03-03 16:07:46 -0500
committer	Joey Hess <joey@kodama.kitenet.net>	2008-03-03 16:07:46 -0500
commit	713845f34223a0401e42b3b1299868db355e84c0 (patch)
tree	62e0cdab6a9b9513f3388d2125fa03a54f298dde /doc/ikiwiki/formatting
parent	c9df38fe331824902dae237c7200f60a036aed00 (diff)
download	ikiwiki-713845f34223a0401e42b3b1299868db355e84c0.tar ikiwiki-713845f34223a0401e42b3b1299868db355e84c0.tar.gz