+ikiwiki (2.40) UNRELEASED; urgency=low
+
+ * Add new preprocessor directive syntax¸ using a '!' prefix. Add a
+ prefix_directives option to the setup file to turn this syntax on;
+ currently defaults to false, for backward compatibility. Support
+ optional '!' prefix even with prefix_directives off, and use that in
+ the underlay to support either setting of prefix_directives. Add NEWS
+ entry with migration information.
+
+ -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:18:58 -0800
+
+ikiwiki (2.31.3) unstable; urgency=high
+
+ [ Josh Triplett ]
+ * Do not allow the about: URI scheme; some browsers interpret about:
+ URIs like a limited version of data: URIs. In particular, some
+ versions of Internet Explorer interpret arbitrary HTML content in
+ about: URIs.
+ * Also filter the attributes cite, longdesc, and usemap, which can contain
+ URIs.
+
+ [ Joey Hess ]
+ * meta: Check that the urls provided for authorurl, permalink, and openid
+ are safe and can't contain javascript.
+
+ -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:59:00 -0800
+
+ikiwiki (2.31.2) unstable; urgency=high
+
+ * The security fix in the last release had buggy handling of data:image,
+ now fixed.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 15:31:17 -0500
+
+ikiwiki (2.31.1) unstable; urgency=low
+
+ * htmlscrubber security fix: Block javascript in uris.
+ * Add htmlscrubber test suite.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 13:22:59 -0500
+
ikiwiki (2.31) unstable; urgency=low
[ Joey Hess ]
sipb-www / ikiwiki.git / blobdiff