From 08485ec444cf81015e39c52e6ce8e7b933a036f6 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 12 Mar 2010 15:40:47 -0500 Subject: [PATCH] response --- .../finer_control_over___60__object___47____62__s.mdwn | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/todo/finer_control_over___60__object___47____62__s.mdwn b/doc/todo/finer_control_over___60__object___47____62__s.mdwn index 714f5ae50..ac4b55568 100644 --- a/doc/todo/finer_control_over___60__object___47____62__s.mdwn +++ b/doc/todo/finer_control_over___60__object___47____62__s.mdwn @@ -27,6 +27,13 @@ For Ikiwiki, it may be nice to be able to restrict [URI's][URI] (as required by [[wishlist]] +> SVG can contain embedded javascript. The spec that you link to contains +> examples of objects that contain python scripts, Microsoft OLE +> objects, and Java. And then there's flash. I don't think ikiwiki can +> assume all the possibilities are handled securely, particularly WRT XSS +> attacks. +> --[[Joey]] + ## See also * [Objects, Images, and Applets in HTML documents][objects-html] -- 2.26.2
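Review bot: The added reply (the `>` lines between `[[wishlist]]` and `## See also`) names the risks of `<object>` content but leaves the todo's outcome open. It does not say whether the request is declined, or whether a restricted form, such as the URI restriction mentioned in the context line above it, would be acceptable. Consider closing the reply with an explicit conclusion so a reader of the todo page knows where it stands. Two smaller points: the signature line `> --[[Joey]]` follows `> attacks.` with no blank `>` line between them, so Markdown will render it as part of the same paragraph; and the subject "response" does not say which page the commit touches or what position it records.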