]> sipb.mit.edu Git - ikiwiki.git/blobdiff - doc/security.mdwn
sipb-www / ikiwiki.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fix
[ikiwiki.git] / doc / security.mdwn
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 4db756e2e001fde219e2388586f9369cba45510e..b3b5b6f3ee98a5be03a4cdfc80433d09c0e343cd 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -91,6 +91,10 @@ _(AKA, the assumptions that will be the root of most security holes...)_
 Someone could add bad content to the wiki and hope to exploit ikiwiki.
 Note that ikiwiki runs with perl taint checks on, so this is unlikely.
 
+One fun thing in ikiwiki is its handling of a PageSpec, which involves
+translating it into perl and running the perl. Of course, this is done
+*very* carefully to guard against injecting arbitrary perl code.
+
 ## publishing cgi scripts
 
 ikiwiki does not allow cgi scripts to be published as part of the wiki. Or
wiki compiler