From d77da8089366f54ba720bc4ce83badc838dbc8d0 Mon Sep 17 00:00:00 2001
From: Alex Schroeder <alex@gnu.org>
Date: Mon, 4 Jul 2005 15:44:19 +0000
Subject: [PATCH] *** empty log message ***

---
 ChangeLog | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 2ea84ada..01c594cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2005-07-04  Alex Schroeder  <alex@gnu.org>
+
+	* wiki.pl (GetHtmlHeader): Don't allow double quotes in the css
+	parameter because it allows javascript injection as described by
+	Pierre Gaston -- he added "><script>...</script><meta" to a public
+	link and tricked users into clicking it.
+
 2005-07-01  Alex Schroeder  <alex@gnu.org>
 
 	* wiki.pl (TimeToW3): Bugfix.