From a3f48a1106e4b3ae3db8b660b97a3b49f5598914 Mon Sep 17 00:00:00 2001
From: spalax <spalax@web>
Date: Tue, 31 May 2016 16:49:26 -0400
Subject: [PATCH] More about security

---
 doc/plugins/contrib/bibtex2html/discussion.mdwn | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/plugins/contrib/bibtex2html/discussion.mdwn b/doc/plugins/contrib/bibtex2html/discussion.mdwn
index 86686929c..3e4207e4e 100644
--- a/doc/plugins/contrib/bibtex2html/discussion.mdwn
+++ b/doc/plugins/contrib/bibtex2html/discussion.mdwn
@@ -112,6 +112,10 @@ Right now, it is not possible for the [[plugins/contrib/compile]] plugin to rend
 >>>> which prevents (?) shell injections. This adds the burden of manipulating
 >>>> arrays instead of strings, but security should be improved.
 >>>>
+>>>> But none of those ideas solve the problems you mentionned, being that
+>>>> external commands can do nasty things (the `-oclobberfile` option of
+>>>> `bibtex2html`) or contain bugs (like ImageMagick).
+>>>>
 >>>> If we want to merge this plugin and compile, I think a better idea than the one
 >>>> I proposed at the beginning of the discussion would be to provide two different
 >>>> directives: a `\[[!compile "foo.bar"]]` would compile the file and render it as a
-- 
2.39.2