web commit by JoshTriplett

author joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>

Mon, 19 Feb 2007 22:52:54 +0000 (22:52 +0000)

committer joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>

Mon, 19 Feb 2007 22:52:54 +0000 (22:52 +0000)
author joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Mon, 19 Feb 2007 22:52:54 +0000 (22:52 +0000)
committer joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Mon, 19 Feb 2007 22:52:54 +0000 (22:52 +0000)
diff --git a/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn b/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn

new file mode 100644 (file)

index 0000000..832ae83
--- /dev/null
+++ b/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn
@@ -0,0 +1 @@
+In style.css, please don't refer to the OpenID image on an external site.  This reference allows that site to track users of ikiwikis and other sites supporting OpenID.  Furthermore, this reference also opens up cross-site scripting vulnerabilities if the external site did something malicious.  If the image has a Free Software license, please include it in ikiwiki, in the basewiki (preferably converted from gif to png).  If the image does not have a Free Software license, please omit it, and allow users to choose to add it to their CSS themselves if they find the risks acceptable.  --[[JoshTriplett]]
+\ No newline at end of file
author	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
	Mon, 19 Feb 2007 22:52:54 +0000 (22:52 +0000)
committer	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
	Mon, 19 Feb 2007 22:52:54 +0000 (22:52 +0000)