From 873bbfcb182ea7280fbef43972bfc990ad146808 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <nukeawhale@gmail.com>
Date: Mon, 29 Oct 2012 12:38:58 +0100
Subject: [PATCH] added xss links, cleaned up todo

---
 developer_manual/templates.rst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/developer_manual/templates.rst b/developer_manual/templates.rst
index 62edd866c..de73fa5b8 100644
--- a/developer_manual/templates.rst
+++ b/developer_manual/templates.rst
@@ -4,7 +4,7 @@ Templates
 Owncloud uses its own templating system. 
 
 
-TODO: disallow print(), echo, and php template printing, check not using filesystem traversal in link_to and image_path, check for accuracy, easy_install -U sphinxcontrib-phpdomain
+TODO: Security: disallow print(), echo, <?=, error_log()
 
 Template class
 --------------
@@ -115,4 +115,6 @@ TBD
 
 Further reading
 ---------------
-TODO: XSS links
+http://en.wikipedia.org/wiki/Cross-site_scripting
+https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
+https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29