On Thu, May 6, 2010 at 3:45 AM, Twylite <[email protected]> wrote:
> As stated on Fossil's Admin -> Configuration page: "CAUTION: when
> enabling, all HTML tags and attributes are accepted in the wiki. No
> sanitization is done. This means that it is very possible for malicious
> users to inject dangerous HTML, CSS and JavaScript code into your wiki."

Before I added the attribute scrubbing to CVSTrac (http://www.cvstrac.org/cvstrac/chngview?cn=610), we were seeing a lot of link spammers wrap their content in things like:

<p style="display: none">

Admittedly, a lot of sites would be fooled by this sort of thing, but it's a bit harder with a wiki.

http://www.cvstrac.org/cvstrac/wiki?p=WikiSpam lists most of the other counter-measures we've added over the years.

c.
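A sketch of allowlist-based attribute scrubbing of the kind the message above refers to, added here as an illustration; it is not CVSTrac's or Fossil's code. The allowlist, the `scrub` function and the sample markup are assumptions made for the example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this sketch: tag -> attributes allowed to survive.
ALLOWED = {"p": set(), "b": set(), "i": set(), "em": set(), "strong": set(),
           "ul": set(), "ol": set(), "li": set(), "pre": set(), "code": set(),
           "br": set(), "a": {"href"}}
VOID = {"br"}                                   # tags with no closing tag
SAFE_SCHEMES = ("http://", "https://", "mailto:")

class Scrubber(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []       # re-serialized, scrubbed markup
        self.dropped = []   # (tag, attr) pairs removed, useful for moderation logs

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:                  # unknown tag: drop it, keep its text
            self.dropped.append((tag, None))
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            ok = name in ALLOWED[tag]           # style, on* handlers etc. never pass
            if ok and name == "href":           # links must use an allowed scheme
                ok = value.strip().lower().startswith(SAFE_SCHEMES)
            if ok:
                kept.append(f' {name}="{escape(value, quote=True)}"')
            else:
                self.dropped.append((tag, name))
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):                # text is always re-escaped
        self.out.append(escape(data, quote=False))

def scrub(markup):
    """Return (scrubbed_markup, dropped) for untrusted wiki markup."""
    s = Scrubber()
    s.feed(markup)
    s.close()
    return "".join(s.out), s.dropped

# Constructed sample: the hidden-paragraph wrapper from the message.
SAMPLE = '<p style="display: none"><a href="http://spam.example/" onclick="x()">cheap pills</a></p>'
```

With the `style` attribute gone the spam link renders visibly, so an editor can spot and revert it.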

