X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/96125d8da512d992012560a1115eb3a8115bafbe..fb97d067cb4d20ffe944319caf1d45b512d3f91f:/doc/plugins/htmlscrubber.mdwn?ds=inline
diff --git a/doc/plugins/htmlscrubber.mdwn b/doc/plugins/htmlscrubber.mdwn
index 8e37a5bd5..7962b3b52 100644
--- a/doc/plugins/htmlscrubber.mdwn
+++ b/doc/plugins/htmlscrubber.mdwn
@@ -17,17 +17,22 @@ While I believe that this makes ikiwiki as resistant to malicious html
content as anything else on the web, I cannot guarantee that it will
actually protect every user of every browser from every browser security
hole, badly designed feature, etc. I can provide NO WARRANTY, like it says
-in ikiwiki's [GPL](GPL) license.
+in ikiwiki's [[GPL]] license.
The web's security model is *fundamentally broken*; ikiwiki's html
sanitisation is only a patch on the underlying gaping hole that is your web
browser.
+Note that enabling or disabling the htmlscrubber plugin also affects some other
+HTML-related functionality, such as whether [[meta]] allows potentially unsafe
+HTML tags.
+
----
Some examples of embedded javascript that won't be let through when this
plugin is active:
-* test
-* test
-* test
+* script tag test
+* CSS script test
+* entity-encoded CSS script test
+* entity-encoded CSS script test