-When run with the --sanitize switch, which is turned on by default (see
+When run with the `--sanitize` switch, which is turned on by default (see
[[usage]]), ikiwiki sanitizes the html on pages it renders to avoid XSS
attacks and the like.
sanitisation, and this perl module also deals with various entity encoding
tricks.
-While I beleive that this makes ikiwiki as resistant to malicious html
+While I believe that this makes ikiwiki as resistant to malicious html
content as anything else on the web, I cannot guarantee that it will
actually protect every user of every browser from every browser security
hole, badly designed feature, etc. I can provide NO WARRANTY, like it says
in ikiwiki's [GPL](GPL) license.
-The web's security model is *fundamntally broken*; ikiwiki's HTML
+The web's security model is *fundamentally broken*; ikiwiki's html
sanitisation is only a patch on the underlying gaping hole that is your web
browser.
Some examples of embedded javascript that won't be let through.
-<span style="background: url(javascript:window.location='http://example.org/')">test</span>
-<span style="any: expression(window.location='http://example.org/')">test</span>
-<span style="any: expression(window.location='http://example.org/')">test</span>
+* <span style="background: url(javascript:window.location='http://example.org/')">test</span>
+* <span style="any: expression(window.location='http://example.org/')">test</span>
+* <span style="any: expression(window.location='http://example.org/')">test</span>