diff options
| author | spalax <spalax@web> | 2016-05-31 16:49:26 -0400 |
|---|---|---|
| committer | admin <admin@branchable.com> | 2016-05-31 16:49:26 -0400 |
| commit | a3f48a1106e4b3ae3db8b660b97a3b49f5598914 (patch) | |
| tree | a5950ff855a4b45df0a1113166a1ee8493318b76 /doc/plugins | |
| parent | 182a2ad99208169084e6b4fc8ef33222d46eba5a (diff) | |
| download | ikiwiki-a3f48a1106e4b3ae3db8b660b97a3b49f5598914.tar ikiwiki-a3f48a1106e4b3ae3db8b660b97a3b49f5598914.tar.gz | |
More about security
Diffstat (limited to 'doc/plugins')
| -rw-r--r-- | doc/plugins/contrib/bibtex2html/discussion.mdwn | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/plugins/contrib/bibtex2html/discussion.mdwn b/doc/plugins/contrib/bibtex2html/discussion.mdwn index 86686929c..3e4207e4e 100644 --- a/doc/plugins/contrib/bibtex2html/discussion.mdwn +++ b/doc/plugins/contrib/bibtex2html/discussion.mdwn @@ -112,6 +112,10 @@ Right now, it is not possible for the [[plugins/contrib/compile]] plugin to rend >>>> which prevents (?) shell injections. This adds the burden of manipulating >>>> arrays instead of strings, but security should be improved. >>>> +>>>> But none of those ideas solve the problems you mentionned, being that +>>>> external commands can do nasty things (the `-oclobberfile` option of +>>>> `bibtex2html`) or contain bugs (like ImageMagick). +>>>> >>>> If we want to merge this plugin and compile, I think a better idea than the one >>>> I proposed at the beginning of the discussion would be to provide two different >>>> directives: a `\[[!compile "foo.bar"]]` would compile the file and render it as a |