## javascript insertion via uris
The htmlscrubber did not block javascript in uris. This was fixed by adding
-a whitelist of valid uri types, which does not include javascript.
+a whitelist of valid uri types, which does not include javascript. Some
+urls specifyable by the meta plugin could also theoretically have been used
+to inject javascript; this was also blocked.
This hole was discovered on 10 February 2008 and fixed the same day
-with the release of ikiwiki 2.31.1. A fix was also backported to Debian etch,
-as version 1.33.4. I recommend upgrading to one of these versions if your
-wiki can be edited by third parties.
+with the release of ikiwiki 2.31.1. (And a few subsequent versions..)
+A fix was also backported to Debian etch, as version 1.33.4. I recommend
+upgrading to one of these versions if your wiki can be edited by third
+parties.