X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/8a5f9f6e0047149040c50db571faac89ab443085..714a5d6f7e22345a150f542745c15ce5d1027e96:/doc/security.mdwn diff --git a/doc/security.mdwn b/doc/security.mdwn index 4db756e2e..b3b5b6f3e 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -91,6 +91,10 @@ _(AKA, the assumptions that will be the root of most security holes...)_ Someone could add bad content to the wiki and hope to exploit ikiwiki. Note that ikiwiki runs with perl taint checks on, so this is unlikely. +One fun thing in ikiwiki is its handling of a PageSpec, which involves +translating it into perl and running the perl. Of course, this is done +*very* carefully to guard against injecting arbitrary perl code. + ## publishing cgi scripts ikiwiki does not allow cgi scripts to be published as part of the wiki. Or
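Review bot: The added paragraph in the hunk at -91,6 +91,10 asserts that PageSpec translation is done "*very* carefully" but never says what the safeguard is, so a reader of security.mdwn cannot check the claim. Since the text itself says a PageSpec is translated into perl and then run, this is the one place in the section where wiki-supplied input reaches code evaluation. It deserves a concrete statement of which parts of a PageSpec are accepted, what happens to anything that is not, and how this relates to the taint checks mentioned in the paragraph just above. A pointer to the function that does the translation would also let the claim be audited. Minor style point: "One fun thing" reads oddly in a list of security assumptions. Something like "One area that needs particular care is PageSpec handling" would fit the surrounding text better.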