response

author Joey Hess <joey@gnu.kitenet.net>

Fri, 12 Mar 2010 20:40:47 +0000 (15:40 -0500)

committer Joey Hess <joey@gnu.kitenet.net>

Fri, 12 Mar 2010 20:40:47 +0000 (15:40 -0500)
author Joey Hess <joey@gnu.kitenet.net>
Fri, 12 Mar 2010 20:40:47 +0000 (15:40 -0500)
committer Joey Hess <joey@gnu.kitenet.net>
Fri, 12 Mar 2010 20:40:47 +0000 (15:40 -0500)
diff --git a/doc/todo/finer_control_over___60__object___47____62__s.mdwn b/doc/todo/finer_control_over___60__object___47____62__s.mdwn

index 714f5ae50470b6810270de718266b2a71d87b848..ac4b555685cc6d7d610c45d02b52d0c9d092024c 100644 (file)
--- a/doc/todo/finer_control_over___60__object___47____62__s.mdwn
+++ b/doc/todo/finer_control_over___60__object___47____62__s.mdwn
@@ -27,6 +27,13 @@ For Ikiwiki, it may be nice to be able to restrict [URI's][URI] (as required by
  
  [[wishlist]]
  
+> SVG can contain embedded javascript. The spec that you link to contains
+> examples of objects that contain python scripts, Microsoft OLE 
+> objects, and Java. And then there's flash. I don't think ikiwiki can
+> assume all the possibilities are handled securely, particularly WRT XSS
+> attacks.
+> --[[Joey]]
+
  ## See also
  
  * [Objects, Images, and Applets in HTML documents][objects-html]
author	Joey Hess <joey@gnu.kitenet.net>
	Fri, 12 Mar 2010 20:40:47 +0000 (15:40 -0500)
committer	Joey Hess <joey@gnu.kitenet.net>
	Fri, 12 Mar 2010 20:40:47 +0000 (15:40 -0500)