X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/d7aecf6ddc19d1dac30ec5616134c2a7e7f4d573..e2da5b4f6e3b6d650a27b65e99cb4c75dd51e94c:/doc/htmlsanitization.mdwn
diff --git a/doc/htmlsanitization.mdwn b/doc/htmlsanitization.mdwn
index 617753e86..2c814e8e4 100644
--- a/doc/htmlsanitization.mdwn
+++ b/doc/htmlsanitization.mdwn
@@ -1,5 +1,5 @@
-When run with the --sanitize switch, which is turned on by default (see
-[[usage]], ikiwiki sanitizes the html on pages it renders to avoid XSS
+When run with the `--sanitize` switch, which is turned on by default (see
+[[usage]]), ikiwiki sanitizes the html on pages it renders to avoid XSS
attacks and the like.
ikiwiki excludes all html tags and attributes except for those that are
@@ -11,13 +11,13 @@ ikiwiki uses the HTML::Scrubber perl module to perform its html
sanitisation, and this perl module also deals with various entity encoding
tricks.
-While I beleive that this makes ikiwiki as resistant to malicious html
+While I believe that this makes ikiwiki as resistant to malicious html
content as anything else on the web, I cannot guarantee that it will
actually protect every user of every browser from every browser security
hole, badly designed feature, etc. I can provide NO WARRANTY, like it says
-in ikiwiki's [[GPL]] license.
+in ikiwiki's [GPL](GPL) license.
-The web's security model is *fundamntally broken*; ikiwiki's HTML
+The web's security model is *fundamentally broken*; ikiwiki's html
sanitisation is only a patch on the underlying gaping hole that is your web
browser.
@@ -25,6 +25,6 @@ browser.
Some examples of embedded javascript that won't be let through.
-test
-test
-test
+* test
+* test
+* test