Our goals for the new documentation include (among others): 1) community editing, and 2) live demos within pages
This seems to open up a security concern: Support for community editing could allow editors to add malicious code to our documentation pages (not that anyone in our community would do that, but...). Some of the proposed systems involve a review process that would prevent this (source files in git requiring a pull, for example), but some wikis (Confluence, for example) allow editors to embed HTML and JS right in the page. How much of a concern should this be? Should a vetting provision for code be a requirement of any system we adopt? Any other thoughts on this issue? -- Anastasia Cheetham Inclusive Design Research Centre [email protected] Inclusive Design Institute OCAD University _______________________________________________________ fluid-work mailing list - [email protected] To unsubscribe, change settings or access archives, see http://fluidproject.org/mailman/listinfo/fluid-work
