X-Git-Url: http://git.tremily.us/?p=ikiwiki.git;a=blobdiff_plain;f=doc%2Ftodo.mdwn;h=d7326854efd2c79c5b0481072e82825137c693d3;hp=d4abc832d0a6f17fdb5005cd3c039fcab7e14146;hb=2aa59621153fcba1d72d7c7688037f1fdfa7f95f;hpb=e57ee3aaea9f3f3fdafeef868847f1698ab0ff09

diff --git a/doc/todo.mdwn b/doc/todo.mdwn
index d4abc832d..d7326854e 100644
--- a/doc/todo.mdwn
+++ b/doc/todo.mdwn
@@ -23,6 +23,10 @@ is built. (As long as all changes to all pages is ok.)
      explicitly named pages would be desirable.
   2. I think that since we're using Perl on the backend, being able to
      let users craft their own arbitrary regexes would be good.
+
+     Joey points out that this is actually a security hole, because Perl
+     regexes let you embed (arbitrary?) Perl expressions inside them.  Yuck!
+
   3. Of course if you do that, you want to have form processing on the user
      page that lets them tune it, and probably choose literal or glob by
      default.