Merge branch 'master' of ssh://juju.nz:3022/michaelh/wiki

Put script in a block to fix the parsing rendering
2023-12-27 19:38:35 +01:00 · 2023-12-27 19:37:36 +01:00
1 changed files with 2 additions and 2 deletions
--- a/content/post/2008/08/2008-08-05-zen-of-website-maintenance.md
+++ b/content/post/2008/08/2008-08-05-zen-of-website-maintenance.md
@ -10,7 +10,7 @@ categories:
 ---
 A certain website had a few vuneribilities including XSS and leaking passwords.Â  The fixes were:

-  * The <script> tag was turned on for pending users.Â  Configure off. Â All other users get their tags filtered against a safe list
+  * The `<script>` tag was turned on for pending users.Â  Configure off. Â All other users get their tags filtered against a safe list
  * The superuser always skips the filter and sees all tags. Â I can&#8217;t fix this, but I&#8217;ve changed the cookie so that its not useful to a cookie catcher
  * The &#8216;password&#8217; in the cookie was just a hash of the password.Â  It is now a hash of the password, the IP address of the client, and a secret. Â A leaked password should only be usable from the same IP
-  * The &#8216;password&#8217; field has been removed from all forms and replaced with cookie based authentication
+  * The &#8216;password&#8217; field has been removed from all forms and replaced with cookie based authentication
Author	SHA1	Message	Date
Michael Hope	ed3f58a260	Merge branch 'master' of ssh://juju.nz:3022/michaelh/wiki All checks were successful continuous-integration/drone/push Build is passing Details	2023-12-27 19:38:35 +01:00
Michael Hope	39894e508a	Put `script` in a block to fix the parsing rendering	2023-12-27 19:37:36 +01:00