*** empty log message ***

2005-07-04 15:44:19 +00:00
parent 9429699e54
commit d77da80893
1 changed files with 7 additions and 0 deletions
--- a/7
+++ b/7
@@ -1,3 +1,10 @@
+2005-07-04  Alex Schroeder  <alex@gnu.org>
+
+	* wiki.pl (GetHtmlHeader): Don't allow double quotes in the css
+	parameter because it allows javascript injection as described by
+	Pierre Gaston -- he added "><script>...</script><meta" to a public
+	link and tricked users into clicking it.
+
 2005-07-01  Alex Schroeder  <alex@gnu.org>

 	* wiki.pl (TimeToW3): Bugfix.