-- `refreshpofiles` uses `system()`, whose args have to be checked more
- thoroughly to prevent any security issue (command injection, etc.).
- > Always pass `system()` a list of parameters to avoid the shell.
- > I've checked in a change fixing that. --[[Joey]]
-- `refreshpofiles` and `refreshpot` create new files; this may need
- some checks, e.g. using `IkiWiki::prep_writefile()`
- > Yes, it would be ideal to call `prep_writefile` on each file
- > that they write, beforehand. This way you'd avoid symlink attacks etc to the
- > generated po/pot files. I haven't done it, but it seems pretty trivial.
- > --[[Joey]]
-- Can any sort of directives be put in po files that will
- cause mischief (ie, include other files, run commands, crash gettext,
- whatever).
-- Any security issues on running po4a on untrusted content?
+Markdown is well supported. Some other markup languages supported by
+ikiwiki mostly work, but some pieces of syntax are not rendered
+correctly on the slave pages: