I don''t think rhtml runs in any sort of "sandbox". Allowing
rhtml would
allow people to use it to delete files off your server, or output the
contents of files that they should not be able to see.
-james
On 10/14/05, Rich Morin <rdm at cfcl.com> wrote:>
> Instiki seems to be willing to interpret embedded html, but it
> balks at interpreting rhtml. For example,
>
> <%= 123 + 456 %>
>
> simply shows up as
>
> <= 123 + 456 >
>
> Is there a reason why allowing rhtml (perhaps as an option)
> would be a Bad Idea? If not, how might I (as a Nuby) try it?
>
> -r
> --
> email: rdm at cfcl.com; phone: +1 650-873-7841
> http://www.cfcl.com - Canta Forda Computer Laboratory
> http://www.cfcl.com/Meta - The FreeBSD Browser, Meta Project, etc.
> _______________________________________________
> Instiki-users mailing list
> Instiki-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/instiki-users
>
--
James A. Hillyerd <james at hillyerd.com>
Chief Technical Officer - ActiveRain Corp
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/instiki-users/attachments/20051014/6cb7969a/attachment.htm