[pmwiki-users] Integrating JavaScript function into Custom Markup
Hans
design at softflow.co.uk
Fri Apr 7 15:00:29 CDT 2006
Friday, April 7, 2006, 6:49:55 PM, Patrick wrote:
> Might want to be careful here -- the above could potentially allow
> an author to inject some javascript code directly into the page
> output via the map= or title arguments, since they aren't input
> filtered.
I don't understand why. The markup function returns specific
javascript of function map(). Is that not saveguard enough?
How can other javascript code be injected?
Best,
Hans
More information about the pmwiki-users
mailing list