From e766adc1f2b4ce70943f16780042e2f59070bb5d Mon Sep 17 00:00:00 2001
From: Ichthyostega <prg@ichthyostega.de>
Date: Mon, 21 Feb 2011 01:44:32 +0100
Subject: [PATCH] more notes...

Signed-off-by: Ichthyostega <prg@ichthyostega.de>
---
 doc/technical/infra/MenuGen.txt | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/doc/technical/infra/MenuGen.txt b/doc/technical/infra/MenuGen.txt
index 6737eb860..f2b3d0b0b 100644
--- a/doc/technical/infra/MenuGen.txt
+++ b/doc/technical/infra/MenuGen.txt
@@ -33,3 +33,11 @@ Known issues
   generated as +parentPath/fileID+, to avoid mixing up similarily named
   files in different directories. (The NodeIndex allows to retrieve
   a node just by its bare ID, without path anyway)
+* no escaping: currently any variable text is written to the generated 
+  HTML without any sanitising or escaping. This might be a security issue
+* the method Node.matches() is implemented sloppily: it uses just a mutual
+  postfix match, while actually it should line up full path components and
+  check equality on components, starting from the path end. This cheesy
+  implementation can yield surprising side-effects: e.g. an not-yet attached
+  node +'end'+ could match a new menu page +'documentation/backend'+
+