From d47b4ae39f848a09e71cf194556ea276d1489349 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 13 Nov 2007 14:14:24 -0500 Subject: [PATCH] web commit by tschwinge: Add a *Discussion* header. --- ...2__forward__42__ing_functionality_for_the_meta_plugin.mdwn | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn index 30f9f7d0a..0fa79a1b7 100644 --- a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn +++ b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn @@ -28,9 +28,11 @@ I can also submit a Git patch, if desired. It might be doable to add references to pages that refer to the page containg the forwarding statement also to the referred-to page. - --[[tschwinge]] + +# Discussion + > The html scrubber cannot scrub meta headers. So if you emit one > containing user-supplied data, it's up to you to scrub it to avoid all > possible XSS attacks. Two attacks I'd worry about are cyclic meta refresh -- 2.26.2