X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/4d6f5e5a144e20bbda1c8e2d7d611b945394448f..679e620f15df58ced6f1c779c10e162a70220a07:/doc/security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index f3567d155..dc763ef40 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -145,6 +145,13 @@ with a username containing html code (anymore).
 It's difficult to know for sure if all such avenues have really been
 closed though.
 
+## HTML::Template security
+
+If the [[plugins/template]] plugin is enabled, users can modify templates
+like any other part of the wiki. This assumes that HTML::Template is secure
+when used with untrusted/malicious templates. (Note that includes are not
+allowed, so that's not a problem.)
+
 ----
 
 # Fixed holes