X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/7c847499b7922983453455b6d00faf8f472f3e91..e71622d233660b5ba305d68e586d7d14ff2124e6:/doc/plugins/contrib/remark.mdwn diff --git a/doc/plugins/contrib/remark.mdwn b/doc/plugins/contrib/remark.mdwn index f35740153..8c178321f 100644 --- a/doc/plugins/contrib/remark.mdwn +++ b/doc/plugins/contrib/remark.mdwn @@ -1,5 +1,5 @@ [[!template id=plugin name=remark author="[[schmonz]]"]] -[[!template id=gitbranch branch=schmonz/remark author="[[schmonz]]"]] +[[!template id=gitbranch branch=schmonz/remark.js author="[[schmonz]]"]] [[!tag type/format]] [Remark.js](http://remarkjs.com) makes web slides from Markdown. This @@ -19,13 +19,13 @@ any other page, which -- because the Markdown is deliberately not being rendered by ikiwiki -- results in the slide source being displayed (and not elegantly). Clicking through to the slides works right, of course. -Should [[inline]] (and more generally [[ikiwiki/PageSpec]]) understand -that web slides are not exactly regular pages? And/or should this plugin -detect when slides are being inlined and allow ikiwiki to process the -Markdown as a sort of "preview"? +See [[Discussion#inline]]. -## Concern: safety of web-editing +## Problem: safety of web-editing -Even though `remarkpage.tmpl` has no action links, is it still possible -for someone to trick their way into web-editing a slide deck? And if -they do, is that dangerous? +This plugin is not currently safe for wikis where `.remark` pages can be +edited by untrusted users; the [[plugins/htmlscrubber]] is unlikely to be +able to prevent cross-site scripting in this plugin. Make sure only trusted +(administrative) users can create or edit `.remark` pages. + +See [[Discussion#editing]].