diff options
author | Joey Hess <joey@kodama.kitenet.net> | 2008-02-10 18:58:41 -0500 |
---|---|---|
committer | Joey Hess <joey@kodama.kitenet.net> | 2008-02-10 18:59:31 -0500 |
commit | 886adf9f9fea74560202fafcb4742ce26cd76416 (patch) | |
tree | 1aee6e580a6ba08a86acf7fcaf12c180e8ebab0e /doc | |
parent | 78c7f4dc71a86e181c40b80bcd92a869e399c858 (diff) | |
download | ikiwiki-886adf9f9fea74560202fafcb4742ce26cd76416.tar ikiwiki-886adf9f9fea74560202fafcb4742ce26cd76416.tar.gz |
add news item for ikiwiki 2.32.3
Diffstat (limited to 'doc')
-rw-r--r-- | doc/news/version_2.32.3.mdwn | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/doc/news/version_2.32.3.mdwn b/doc/news/version_2.32.3.mdwn new file mode 100644 index 000000000..3d0177a52 --- /dev/null +++ b/doc/news/version_2.32.3.mdwn @@ -0,0 +1,18 @@ +ikiwiki 2.32.3 released with [[toggle text="these changes"]] +[[toggleable text=""" + * [ Josh Triplett ] + * Do not allow the about: URI scheme; some browsers interpret about: + URIs like a limited version of data: URIs. In particular, some + versions of Internet Explorer interpret arbitrary HTML content in + about: URIs. + * Also filter the attributes cite, longdesc, and usemap, which can contain + URIs. + * [ Joey Hess ] + * meta: Check that the urls provided for authorurl, permalink, and openid + are safe and can't contain javascript. + * [ Josh Triplett ] + * Match literal '.' in URI schemas containing '.', rather than matching any + character. + * Do not allow the steam: URI scheme. + * Allow the snews: URI scheme. + * Allow the smb: URI scheme."""]]
\ No newline at end of file |