web commit by VictorMoral

[ikiwiki.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index fa4480e1953eda4585d8580660b6218558c24691..f02576dc462a1949534c1879506f0ffe366a4f79 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -10,7 +10,7 @@ to be kept in mind.
 
 # Probable holes
 
 
 # Probable holes
 

-_(THe list of things to fix.)_
+_(The list of things to fix.)_

 
 ## svn commit logs
 
 
 ## svn commit logs
 


@@ -62,7 +62,7 @@ this wiki, BTW.
 
 ## page locking can be bypassed via direct svn commits
 
 
 ## page locking can be bypassed via direct svn commits
 

-A [[lock]]ed page can only be edited on the web by an admin, but
+A locked page can only be edited on the web by an admin, but

 anyone who is allowed to commit direct to svn can bypass this. This is by
 design, although a subversion pre-commit hook could be used to prevent
 editing of locked pages when using subversion, if you really need to.
 anyone who is allowed to commit direct to svn can bypass this. This is by
 design, although a subversion pre-commit hook could be used to prevent
 editing of locked pages when using subversion, if you really need to.


@@ -146,7 +146,7 @@ closed though.
 
 # Fixed holes
 
 
 # Fixed holes
 

-_(Unless otherwise noted, these were discovered and immediatey fixed by the
+_(Unless otherwise noted, these were discovered and immediately fixed by the

 ikiwiki developers.)_
 
 ## destination directory file replacement
 ikiwiki developers.)_
 
 ## destination directory file replacement


@@ -215,4 +215,5 @@ pages from source with some other extension.
 
 ## XSS attacks in page content
 
 
 ## XSS attacks in page content
 

-ikiwiki supports [[HtmlSanitization]], though it can be turned off.
+ikiwiki supports protecting users from their own broken browsers via the
+[[plugins/htmlscrubber]] plugin, which is enabled by default.