Revision: 3720
Author: mikesamuel
Date: Thu Sep 10 13:23:33 2009
Log: Edited wiki page through web user interface. In response to
discussion of http://codereview.appspot.com/115084/show
http://code.google.com/p/google-caja/source/detail?r=3720
Modified:
/wiki/UrlPolicy.wiki
=======================================
--- /wiki/UrlPolicy.wiki Tue Sep 1 20:28:43 2009
+++ /wiki/UrlPolicy.wiki Thu Sep 10 13:23:33 2009
@@ -387,4 +387,4 @@
Almost all urls should be rewritten to be fetched by a proxy. The proxy
ought to have the same level of amount of access as the authors of the
gadgets ie. if gadgets are fetched from the internet, urls ought to be
rewritten to use a public proxy to prevent gadgets from scanning internal
networks via url fetching errors.
-If a url must be fetched without proxying, the host name ought to be fully
qualified and terminated with a dot suffix (http://www.example.com.). If
such a precaution is not taken, a gadget can be used to probe an internal
network.
+If a url must be fetched without proxying, the host name ought to be fully
qualified and terminated with a dot suffix (http://www.example.com.). If
such a precaution is not taken, a gadget can be used to probe an internal
network. Also, consider rejecting any URLs with non-standard ports, e.g.
http to port 22.
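Review bot: The sentence added at the end of the paragraph ("consider rejecting any URLs with non-standard ports") leaves "non-standard" undefined and is phrased as optional, while the dot-suffix advice just before it uses "ought to". Suggest stating it as an allowlist rule, for example that an http URL is accepted only when it carries no explicit port or the default port for its scheme, so that the "http to port 22" case is rejected by definition rather than by judgment. It would also help to say whether the port check applies to URLs rewritten to go through the proxy, since the sentence sits in the paragraph about unproxied fetches only. Separately, the unchanged context line reads "same level of amount of access", which looks like a leftover word that could be cleaned up in the same edit.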