author: intrigeri <intrigeri@boum.org> 2010-06-25 23:18:34 +0200
committer: Joey Hess <joey@kitenet.net> 2010-07-04 15:27:02 -0400
commit: cd03bd0b804cf4919a5d195c53bcea1f9730a51f
tree: 321fff84eef495691c73d61cdac29eac3f165afa /doc/plugins
parent: 8fe277c2ab42393b754fc65d966bf4ec242719ab
po: added support for html pagetype

... after having audited the po4a Xml and Xhtml modules for security issues.

Signed-off-by: intrigeri <intrigeri@boum.org>
(cherry picked from commit a128c256a51392fcf752bf612d83a90e8c68027e)

Diffstat (limited to 'doc/plugins')
-rw-r--r-- doc/plugins/po.mdwn 10
-rw-r--r-- doc/plugins/po/discussion.mdwn 17
2 files changed, 22 insertions, 5 deletions
diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn
index 646d0cef3..fab6053b3 100644
--- a/doc/plugins/po.mdwn
+++ b/doc/plugins/po.mdwn
@@ -213,16 +213,16 @@ preferred `$EDITOR`, without needing to be online.
Markup languages support
------------------------
-[[Markdown|mdwn]] is well supported. Some other markup languages supported
-by ikiwiki mostly work, but some pieces of syntax are not rendered
-correctly on the slave pages:
+[[Markdown|mdwn]] and [[html]] are well supported. Some other markup
+languages supported by ikiwiki mostly work, but some pieces of syntax
+are not rendered correctly on the slave pages:
* [[reStructuredText|rst]]: anonymous hyperlinks and internal
cross-references
* [[wikitext]]: conversion of newlines to paragraphs
* [[creole]]: verbatim text is wrapped, tables are broken
-* [[html]] and LaTeX: not supported yet; the dedicated po4a modules
- could be used to support them, but they would need a security audit
+* LaTeX: not supported yet; the dedicated po4a module
+ could be used to support it, but it would need a security audit
* other markup languages have not been tested.
Security
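Review bot: in the rewritten first paragraph, `[[html]]` is promoted to "well supported" next to Markdown, but that paragraph is about how syntax renders on the slave pages, while the commit message cites only a security audit of the po4a Xml and Xhtml modules. Suggest either stating what html rendering was actually checked, or wording the sentence so it points to the audit notes in po/discussion and to the Security section that follows, since the audit only calls the html path safe while specific po4a options stay disabled.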
diff --git a/doc/plugins/po/discussion.mdwn b/doc/plugins/po/discussion.mdwn
index 27683f1ea..73858c818 100644
--- a/doc/plugins/po/discussion.mdwn
+++ b/doc/plugins/po/discussion.mdwn
@@ -150,6 +150,23 @@ The following analysis was done with his help.
variables; according to [[Joey]], this is "Freaky code, but seems ok
due to use of `quotementa`".
+##### Locale::Po4a::Xhtml
+
+* does not run any external program
+* does not build regexp's from untrusted variables
+
+=> Seems safe as far as the `includessi` option is disabled; the po
+plugin explicitly disables it.
+
+Relies on Locale::Po4a::Xml` to do most of the work.
+
+##### Locale::Po4a::Xml
+
+* does not run any external program
+* the `includeexternal` option makes it able to read external files;
+ the po plugin explicitly disables it
+* untrusted variables are escaped when used to build regexp's
+
##### Text::WrapI18N
`Text::WrapI18N` can cause DoS
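Review bot: the "=> Seems safe" verdict under Locale::Po4a::Xhtml is conditioned only on `includessi`, yet the following line says the module relies on Locale::Po4a::Xml for most of the work, and the Xml section lists `includeexternal` as able to read external files. Suggest making the Xhtml verdict conditional on both options being disabled, and giving the Xml section its own "=>" conclusion line, which it currently lacks. Two smaller points in the same hunk: "as far as" should read "as long as", and the line "Relies on Locale::Po4a::Xml` to do most of the work." has a closing backtick with no opening one, which will break the code span when the page is rendered.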