incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Murray Altheim <murra...@altheim.com>
Subject Security question on SET
Date Mon, 27 Oct 2008 21:19:16 GMT
 From a message sent into jspwiki-users:
>> Is there an option to disable CamelCase in an entire page ?
>
Janne Jalkanen responded:
> Sure there is!
> 
> For the whole wiki: put the following in the jspwiki.properties (make
> sure you only have one copy of the setting, though ;-).
> 
> jspwiki.translatorReader.camelCaseLinks = false
> 
> For a single page, put the following on the page:
> 
> [{SET jspwiki.translatorReader.camelCaseLinks=false}]

After reading this message it occurred to me that if it is possible
to alter any of the wiki's property settings via a SET command, we
might want to systematically go through the set of properties and
determine if there are any security or wiki-wide functionality issues
(which of course makes them related to security) that we might want
to either flag and/or prohibit from being set by users.

Has anyone does this already? Or is there an understanding that there
are no security issues here? (I'm thinking of things like permitting
HTML parsing for a single page, etc.  -- there might be others more
subtle.)

Murray

...........................................................................
Murray Altheim <murray07 at altheim.com>                           ===  = =
http://www.altheim.com/murray/                                     = =  ===
SGML Grease Monkey, Banjo Player, Wantanabe Zen Monk               = =  = =

       Boundless wind and moon - the eye within eyes,
       Inexhaustible heaven and earth - the light beyond light,
       The willow dark, the flower bright - ten thousand houses,
       Knock at any door - there's one who will respond.
                                       -- The Blue Cliff Record

Mime
View raw message