web commit by joey

[ikiwiki.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index 956351d709c4e321eb6e0436239868155b3ca73f..f02576dc462a1949534c1879506f0ffe366a4f79 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -10,6 +10,8 @@ to be kept in mind.
 
 # Probable holes
 
+_(The list of things to fix.)_
+
 ## svn commit logs
 
 Anyone with svn commit access can forge "web commit from foo" and make it
@@ -60,7 +62,7 @@ this wiki, BTW.
 
 ## page locking can be bypassed via direct svn commits
 
-A [[lock]]ed page can only be edited on the web by an admin, but
+A locked page can only be edited on the web by an admin, but
 anyone who is allowed to commit direct to svn can bypass this. This is by
 design, although a subversion pre-commit hook could be used to prevent
 editing of locked pages when using subversion, if you really need to.
@@ -144,7 +146,7 @@ closed though.
 
 # Fixed holes
 
-_(Unless otherwise noted, these were discovered and immediatey fixed by the
+_(Unless otherwise noted, these were discovered and immediately fixed by the
 ikiwiki developers.)_
 
 ## destination directory file replacement
@@ -213,4 +215,5 @@ pages from source with some other extension.
 
 ## XSS attacks in page content
 
-ikiwiki supports [[HtmlSanitization]], though it can be turned off.
+ikiwiki supports protecting users from their own broken browsers via the
+[[plugins/htmlscrubber]] plugin, which is enabled by default.