* The page name and parent links has switched from using a <h1> to a styled

[ikiwiki.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index 956351d709c4e321eb6e0436239868155b3ca73f..73d98a3ae5fcf88c1dbcbe4b0ba983f853ad54e8 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -10,6 +10,8 @@ to be kept in mind.
 
 # Probable holes
 
+_(The list of things to fix.)_
+
 ## svn commit logs
 
 Anyone with svn commit access can forge "web commit from foo" and make it
@@ -60,7 +62,7 @@ this wiki, BTW.
 
 ## page locking can be bypassed via direct svn commits
 
-A [[lock]]ed page can only be edited on the web by an admin, but
+A locked page can only be edited on the web by an admin, but
 anyone who is allowed to commit direct to svn can bypass this. This is by
 design, although a subversion pre-commit hook could be used to prevent
 editing of locked pages when using subversion, if you really need to.
@@ -213,4 +215,5 @@ pages from source with some other extension.
 
 ## XSS attacks in page content
 
-ikiwiki supports [[HtmlSanitization]], though it can be turned off.
+ikiwiki supports protecting users from their own broken browsers via the
+[[plugins/htmlscrubber]] plugin, which is enabled by default.