Thread:Extension talk:WorkingWiki/Re: WARNING: the code or configuration described here poses a major security risk./reply

Thanks for asking! I had thought my security wiki page was clearer than it actually is. I'll try to give it some improvements today.

The issue is this: WorkingWiki allows wiki users to write code in various programming languages and have it run on the server, with makefiles specifying how to run programs and collect their output. It also helps people edit LaTeX documents by displaying an HTML version of their document in the wiki page. These two features combine to produce a situation in which users can write code to produce HTML output for display in the wiki page. This is risky, because HTML can do sinister things like include images from other servers (allowing the server owners to find out who's viewing the wiki pages) or include javascript programs that spoof the wiki's login page and capture people's passwords.

Obviously, running user-submitted code on the server has other security implications as well, such as code with infinite loops that brings the server to its knees. But I have proposed ways to handle the rest of them (on my security page). It's the HTML one that doesn't yet have an answer in place.

The full solution to this (other than removing huge amounts of functionality) would be to filter the HTML and only allow "clean" things to be displayed. This is difficult but probably possible.

It's been a low priority, because WorkingWiki is designed for use on small, semi-private wikis where only known, trusted team members can edit. But definitely important to fix in the long term! And I welcome patches...

There's a bug tracker item for it here: https://sourceforge.net/tracker/index.php?func=detail&aid=3492411&group_id=366300&atid=1527385