Working examples vs. security

Cheetham, Anastasia acheetham at
Tue Feb 8 20:56:04 UTC 2011

Our goals for the new documentation include (among others):
 1) community editing, and
 2) live demos within pages

This seems to open up a security concern: Support for community editing could allow editors to add malicious code to our documentation pages (not that anyone in our community would do that, but...).

Some of the proposed systems involve a review process that would prevent this (source files in git requiring a pull, for example), but some wikis (Confluence, for example) allow editors to embed HTML and JS right in the page.

How much of a concern should this be? Should a vetting provision for code be a requirement of any system we adopt? Any other thoughts on this issue?

Anastasia Cheetham     Inclusive Design Research Centre
acheetham at            Inclusive Design Institute
                                        OCAD University

More information about the fluid-work mailing list