]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - doc/plugins/po/discussion.mdwn
projects / git.ikiwiki.info.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use Digest::SHA built into perl rather than external Digest::SHA1 to simplify depende...
[git.ikiwiki.info.git] / doc / plugins / po / discussion.mdwn
diff --git a/doc/plugins/po/discussion.mdwn b/doc/plugins/po/discussion.mdwn
index 27683f1eae22ddce2fca8c01155fee976f35c273..73858c8189972ce700b9088e09bd0a19799d715c 100644 (file)
--- a/doc/plugins/po/discussion.mdwn
+++ b/doc/plugins/po/discussion.mdwn
@@ -150,6 +150,23 @@ The following analysis was done with his help.
   variables; according to [[Joey]], this is "Freaky code, but seems ok
   due to use of `quotementa`".
 
+##### Locale::Po4a::Xhtml
+
+* does not run any external program
+* does not build regexp's from untrusted variables
+
+=> Seems safe as far as the `includessi` option is disabled; the po
+plugin explicitly disables it.
+
+Relies on Locale::Po4a::Xml` to do most of the work.
+
+##### Locale::Po4a::Xml
+
+* does not run any external program
+* the `includeexternal` option makes it able to read external files;
+  the po plugin explicitly disables it
+* untrusted variables are escaped when used to build regexp's
+
 ##### Text::WrapI18N
 
 `Text::WrapI18N` can cause DoS
Unnamed repository; edit this file 'description' to name the repository.