-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=James Birkholz= wrote:
| It might be nice to be able to allow raw HTML on protected pages....
This idea has been kicked around before. Here are just a couple of the
potential pitfalls which have prevented it so far:
* Page protection is used for other purposes, and does not necessarily
mean that the current content is trusted or approved. If an admin
protects a page to stop fighting or vandalism and doesn't notice the
<html> trap left on it by a malicious user, *BOOM*
(A related example is the protected log pages in 1.3.x, where text
submitted by non-admin users will be rendered as wiki text in a
protected page context.)
* Protected pages may use non-protected templates. If the non-protected
template gets an <html> bit added to it, *BOOM*
- -- brion vibber (brion @
pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (Darwin)
Comment: Using GnuPG with Thunderbird -
http://enigmail.mozdev.org
iD8DBQFB+F9DwRnhpk1wk44RAiJVAKCRSjbfumxtJogqGJVfaaaaPocHmQCg1Mbn
e2gVkPTpQpNdkk4nU8puCwc=
=43T1
-----END PGP SIGNATURE-----