changeset 1555:0eaaba71dfc0

Added XHTML to the unsafe list. Backport necessary.
author Alexander Schremmer <alex AT alexanderweb DOT de>
date Sun, 17 Sep 2006 18:53:05 +0200
parents 0739c71cc6a6
children 8151bed0e987 5628126794b4
files MoinMoin/config/multiconfig.py docs/CHANGES
diffstat 2 files changed, 3 insertions(+), 2 deletions(-)
--- a/MoinMoin/config/multiconfig.py	Sat Sep 16 12:32:12 2006 +0200
+++ b/MoinMoin/config/multiconfig.py	Sun Sep 17 18:53:05 2006 +0200
@@ -324,6 +324,7 @@
     mimetypes_xss_protect = [
         'text/html',
         'application/x-shockwave-flash',
+        'application/xhtml+xml',
     ]
 
     navi_bar = [u'RecentChanges', u'FindPage', u'HelpContents', ]
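
Review bot: the new 'application/xhtml+xml' entry in mimetypes_xss_protect is added without a comment, and the list remains an enumeration of exact type strings, so any type not spelled out here is still treated as safe to serve inline. Suggest a short comment above the list stating the criterion for inclusion (types a browser renders and runs script from). Since the code that consumes this list is not visible in this hunk, please also confirm that it compares types case-insensitively and ignores parameters such as a charset suffix, so that the new entry matches every spelling of the same type.
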
--- a/docs/CHANGES	Sat Sep 16 12:32:12 2006 +0200
+++ b/docs/CHANGES	Sun Sep 17 18:53:05 2006 +0200
@@ -278,8 +278,8 @@
       HTML files with Javascript inside for stealing your moin cookie or doing
       other nasty things. We improved this by using different behaviour depending
       on the potential danger the attached file has when served inline:
-      mimetypes_xss_protect = ['text/html', 'application/x-shockwave-flash', ]
-      This is the default value. If you know more dangerous stuff, please just
+      The config option contains a few mimetypes that are known to be inherently
+      unsafe to this regard. If you know more dangerous stuff, please just
       add the mimetypes there to protect your users and file a bug report
       telling us what we missed.
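
Review bot: the rewritten sentence starting "The config option contains a few mimetypes" no longer names the option, because the removed line was the only one in the visible context that spelled out mimetypes_xss_protect. An admin reading "add the mimetypes there" cannot tell which setting to edit. Suggest keeping the name, for example "The config option mimetypes_xss_protect contains ...", and stating that application/xhtml+xml is now part of the default, so that sites overriding the option know to add it to their own list. Also, "unsafe to this regard" should read "unsafe in this regard".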