diff options
author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-02-11 22:09:44 +0000 |
---|---|---|
committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-02-11 22:09:44 +0000 |
commit | a6f45ea2364cd9c54cd550c17b57c6480c10d360 (patch) | |
tree | 6463f835ebee14b21d46a6d515e37f934c8bc205 /doc/todo | |
parent | b3b5a019ab9949fec4904bb436219156a681d305 (diff) | |
download | ikiwiki-a6f45ea2364cd9c54cd550c17b57c6480c10d360.tar ikiwiki-a6f45ea2364cd9c54cd550c17b57c6480c10d360.tar.gz |
responses
Diffstat (limited to 'doc/todo')
-rw-r--r-- | doc/todo/shortcut_optional_parameters.mdwn | 7 | ||||
-rw-r--r-- | doc/todo/simple_text_parsing_or_regex_in_template_or_shortcut.mdwn | 15 |
2 files changed, 21 insertions, 1 deletions
diff --git a/doc/todo/shortcut_optional_parameters.mdwn b/doc/todo/shortcut_optional_parameters.mdwn index 494aac98a..4fd1eb9d4 100644 --- a/doc/todo/shortcut_optional_parameters.mdwn +++ b/doc/todo/shortcut_optional_parameters.mdwn @@ -22,3 +22,10 @@ Some possible syntax choices for the shortcut definition: \[[shortcut name=debfiles url="http://packages.debian.org/cgi-bin/search_contents.pl?word=$*&searchmode=filelist&case=insensitive&version=${dist=unstable}&arch=${arch=i386}"]] --[[JoshTriplett]] + +Well, you can already do this kind of thing with templates. Invocation does +look different: + + \[[template id=debfiles package=ikiwiki dist=testing]] + +--[[Joey]] diff --git a/doc/todo/simple_text_parsing_or_regex_in_template_or_shortcut.mdwn b/doc/todo/simple_text_parsing_or_regex_in_template_or_shortcut.mdwn index e6f77dd59..0f8badae8 100644 --- a/doc/todo/simple_text_parsing_or_regex_in_template_or_shortcut.mdwn +++ b/doc/todo/simple_text_parsing_or_regex_in_template_or_shortcut.mdwn @@ -7,4 +7,17 @@ shortcuts like these: For shortcut definitions, a `match` parameter could supply a regex, and then the `url` and `desc` parameters could make use of the named or numbered groups from the match. ---[[JoshTriplett]]
\ No newline at end of file +--[[JoshTriplett]] + +I'm not comfortable with exposing regexps to web editing. At the very least +it's trivial to construct regexps that take indefinitely long to match +certain strings, which could be used to DOS ikiwiki. At worst, perl code +can be embedded in regexps in a variety of ways that are painful to filter +out, and perl's regexp engine could also potentially have bugs that could +be exploited by user-supplied regexps. + +It seems that a better place to put this kind of text munging is in +special-purpose plugins. It should be very simple to write plugins for the +above two examples, that look identical to the user as what you described. + +--[[Joey]] |