web commit by BrandenRobinson: Explain why letting users specify regexes is bad.

[ikiwiki.git] / doc / todo.mdwn

diff --git a/doc/todo.mdwn b/doc/todo.mdwn
index 6a14228fb0238f5d3b628deb5fa50eb2dea80846..d7326854efd2c79c5b0481072e82825137c693d3 100644 (file)
--- a/doc/todo.mdwn
+++ b/doc/todo.mdwn
@@ -1,6 +1,5 @@
 ## online page editing
 
 ## online page editing
 

-* Missing support for preview.

 * Missing conflict detection, just overwrites changes and does not svn up
   first..
 * Eventually, might want page deletion.
 * Missing conflict detection, just overwrites changes and does not svn up
   first..
 * Eventually, might want page deletion.


@@ -24,6 +23,10 @@ is built. (As long as all changes to all pages is ok.)
      explicitly named pages would be desirable.
   2. I think that since we're using Perl on the backend, being able to
      let users craft their own arbitrary regexes would be good.
      explicitly named pages would be desirable.
   2. I think that since we're using Perl on the backend, being able to
      let users craft their own arbitrary regexes would be good.

+
+     Joey points out that this is actually a security hole, because Perl
+     regexes let you embed (arbitrary?) Perl expressions inside them.  Yuck!
+

   3. Of course if you do that, you want to have form processing on the user
      page that lets them tune it, and probably choose literal or glob by
      default.
   3. Of course if you do that, you want to have form processing on the user
      page that lets them tune it, and probably choose literal or glob by
      default.


@@ -105,4 +108,8 @@ docs to use as a seed for new wikis.
 * list of all missing pages
 * list of all pages or some kind of page map
 
 * list of all missing pages
 * list of all pages or some kind of page map
 

+## page indexes
+
+Might be nice to support automatically generating an index based on headers in a page, for long pages. The question is, how to turn on such an index?
+

 ## [[Bugs]]
 ## [[Bugs]]