Diffstat (limited to 'doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn')
-rw-r--r-- doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn | 1
1 files changed, 1 insertions, 0 deletions
diff --git a/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn b/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn
new file mode 100644
index 000000000..832ae8363
--- /dev/null
+++ b/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn
@@ -0,0 +1 @@
+In style.css, please don't refer to the OpenID image on an external site. This reference allows that site to track users of ikiwikis and other sites supporting OpenID. Furthermore, this reference also opens up cross-site scripting vulnerabilities if the external site did something malicious. If the image has a Free Software license, please include it in ikiwiki, in the basewiki (preferably converted from gif to png). If the image does not have a Free Software license, please omit it, and allow users to choose to add it to their CSS themselves if they find the risks acceptable. --[[JoshTriplett]] \ No newline at end of file
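Review bot: the single added line of this new .mdwn file does not identify which rule in style.css, or which external URL, is meant, so a maintainer has to search the stylesheet to find it; quote the selector and the url() value in the report. The same line asserts a cross-site scripting risk without giving a mechanism. Either explain how a stylesheet image reference would lead to script execution, or keep the claim to what the reference clearly does: cause each visitor's browser to send a request to the external site, which is the tracking concern already stated. The file also ends without a trailing newline (the "\ No newline at end of file" marker); add one.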