This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.
FS#2909 <html> and <php> tags in comments
When using DW as a CMS, it might be useful, to enable <html> and/or <php>. As far as I see, this is no security issue, if only managers and admins get write permission for wiki pages. But enabling comments will introduce this vulnerability, if wiki syntax in comments is enabled.
There should be a configuration switch to disable <html> and <php> in comments if one or both are allowed in the wiki.
Btw: the german localisation string “De-/Aktivieren der Abo-Funktion für Kommentare” is very unlucky.
please report this in the plugin's bug tracker. comments are not a core function