Working examples vs. security
acheetham at ocad.ca
Tue Feb 8 20:56:04 UTC 2011
Our goals for the new documentation include (among others):
1) community editing, and
2) live demos within pages
This seems to open up a security concern: Support for community editing could allow editors to add malicious code to our documentation pages (not that anyone in our community would do that, but...).
Some of the proposed systems involve a review process that would prevent this (source files in git requiring a pull, for example), but some wikis (Confluence, for example) allow editors to embed HTML and JS right in the page.
How much of a concern should this be? Should a vetting provision for code be a requirement of any system we adopt? Any other thoughts on this issue?
Anastasia Cheetham Inclusive Design Research Centre
acheetham at ocad.ca Inclusive Design Institute
More information about the fluid-work