response

author: Joey Hess <joey@gnu.kitenet.net> 2010-03-12 15:40:47 -0500
committer: Joey Hess <joey@gnu.kitenet.net> 2010-03-12 15:40:47 -0500
commit: 08485ec444cf81015e39c52e6ce8e7b933a036f6 (patch)
tree: 42b7aa982b58d90d886f9b6700255ff2ade7edf9 /doc
parent: afa930a9c4ada59ea840d626f583f8b4fb3c3f20 (diff)
download: ikiwiki-08485ec444cf81015e39c52e6ce8e7b933a036f6.tar
ikiwiki-08485ec444cf81015e39c52e6ce8e7b933a036f6.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/todo/finer_control_over___60__object___47____62__s.mdwn b/doc/todo/finer_control_over___60__object___47____62__s.mdwn
index 714f5ae50..ac4b55568 100644
--- a/doc/todo/finer_control_over___60__object___47____62__s.mdwn
+++ b/doc/todo/finer_control_over___60__object___47____62__s.mdwn
@@ -27,6 +27,13 @@ For Ikiwiki, it may be nice to be able to restrict [URI's][URI] (as required by
 
 [[wishlist]]
 
+> SVG can contain embedded javascript. The spec that you link to contains
+> examples of objects that contain python scripts, Microsoft OLE 
+> objects, and Java. And then there's flash. I don't think ikiwiki can
+> assume all the possibilities are handled securely, particularly WRT XSS
+> attacks.
+> --[[Joey]]
+
 ## See also
 
 * [Objects, Images, and Applets in HTML documents][objects-html]
author	Joey Hess <joey@gnu.kitenet.net>	2010-03-12 15:40:47 -0500
committer	Joey Hess <joey@gnu.kitenet.net>	2010-03-12 15:40:47 -0500
commit	08485ec444cf81015e39c52e6ce8e7b933a036f6 (patch)
tree	42b7aa982b58d90d886f9b6700255ff2ade7edf9 /doc
parent	afa930a9c4ada59ea840d626f583f8b4fb3c3f20 (diff)
download	ikiwiki-08485ec444cf81015e39c52e6ce8e7b933a036f6.tar ikiwiki-08485ec444cf81015e39c52e6ce8e7b933a036f6.tar.gz