Add todo item for blocking external links.

author joshtriplett <joshtriplett@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>

Fri, 6 Apr 2007 05:38:02 +0000 (05:38 +0000)

committer joshtriplett <joshtriplett@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>

Fri, 6 Apr 2007 05:38:02 +0000 (05:38 +0000)
author joshtriplett <joshtriplett@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Fri, 6 Apr 2007 05:38:02 +0000 (05:38 +0000)
committer joshtriplett <joshtriplett@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Fri, 6 Apr 2007 05:38:02 +0000 (05:38 +0000)
diff --git a/doc/todo/block_external_links.mdwn b/doc/todo/block_external_links.mdwn

new file mode 100644 (file)

index 0000000..f62897a
--- /dev/null
+++ b/doc/todo/block_external_links.mdwn
@@ -0,0 +1,14 @@
+I'd like the ability to block external links from anonymous users, or from
+untrusted users.  This could work by generating the HTML for the new page and
+comparing it to the HTML for the old page, looking for any new <a> tags with
+href values that didn't exist in the old page and don't start with the URL of
+the wiki.  Comparing the HTML, rather than the input, allows usage with
+various types of input formats, and ensures that a template, shortcut, or some
+new plugin will not bypass the filter.
+
+This would probably benefit from a whitelist of acceptable external URLs.
+
+This may actually form a subset of the general concept of content policies,
+described at [[todo/fileupload]].
+
+--[[JoshTriplett]]
author	joshtriplett <joshtriplett@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
	Fri, 6 Apr 2007 05:38:02 +0000 (05:38 +0000)
committer	joshtriplett <joshtriplett@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
	Fri, 6 Apr 2007 05:38:02 +0000 (05:38 +0000)