From aa5c6c94fde1fc9d15a0ddc1189e1f273e0371e1 Mon Sep 17 00:00:00 2001 From: joey Date: Mon, 19 Feb 2007 22:52:54 +0000 Subject: [PATCH 1/1] web commit by JoshTriplett --- doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn | 1 + 1 file changed, 1 insertion(+) create mode 100644 doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn diff --git a/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn b/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn new file mode 100644 index 000000000..832ae8363 --- /dev/null +++ b/doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn @@ -0,0 +1 @@ +In style.css, please don't refer to the OpenID image on an external site. This reference allows that site to track users of ikiwikis and other sites supporting OpenID. Furthermore, this reference also opens up cross-site scripting vulnerabilities if the external site did something malicious. If the image has a Free Software license, please include it in ikiwiki, in the basewiki (preferably converted from gif to png). If the image does not have a Free Software license, please omit it, and allow users to choose to add it to their CSS themselves if they find the risks acceptable. --[[JoshTriplett]] \ No newline at end of file -- 2.45.0
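Review bot: The one added line of doc/bugs/Please_don__39__t_refer_to_offsite_openid_image.mdwn ends without a trailing newline (see the "\ No newline at end of file" marker), so any later edit that appends to this page will show this line as modified in the diff; end the file with a newline. The report also says only "In style.css" and does not name the rule or the external URL it refers to; quoting the affected selector and URL would let whoever fixes it find the reference without searching. The text puts two different risks in adjacent sentences: tracking, which follows from the browser making the request to the external site at all, and cross-site scripting "if the external site did something malicious", for which no mechanism is given. A sentence saying how the image reference would lead to script execution, or dropping that claim if it cannot be substantiated, would make the severity easier to judge. The subject "web commit by JoshTriplett" says nothing about the content; a subject naming the bug page would make the history searchable.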