blob: 3d0177a52af5360ad774d1d696d38a7c7c9576cb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
ikiwiki 2.32.3 released with [[toggle text="these changes"]]
[[toggleable text="""
* [ Josh Triplett ]
* Do not allow the about: URI scheme; some browsers interpret about:
URIs like a limited version of data: URIs. In particular, some
versions of Internet Explorer interpret arbitrary HTML content in
about: URIs.
* Also filter the attributes cite, longdesc, and usemap, which can contain
URIs.
* [ Joey Hess ]
* meta: Check that the urls provided for authorurl, permalink, and openid
are safe and can't contain javascript.
* [ Josh Triplett ]
* Match literal '.' in URI schemas containing '.', rather than matching any
character.
* Do not allow the steam: URI scheme.
* Allow the snews: URI scheme.
* Allow the smb: URI scheme."""]]
|