* Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber

[ikiwiki.git] / doc / plugins / htmlscrubber.mdwn

diff --git a/doc/htmlsanitization.mdwn b/doc/plugins/htmlscrubber.mdwn
similarity index 80%
rename from doc/htmlsanitization.mdwn
rename to doc/plugins/htmlscrubber.mdwn
index 2c814e8e42a5e1dc3620788d8842d9cf4ce8a3fd..cf0d8e02aca4243291b5bfcecdceea621273c6ea 100644 (file)
--- a/doc/htmlsanitization.mdwn
+++ b/doc/plugins/htmlscrubber.mdwn
@@ -1,13 +1,12 @@
-When run with the `--sanitize` switch, which is turned on by default (see
-[[usage]]), ikiwiki sanitizes the html on pages it renders to avoid XSS
-attacks and the like.
+This plugin is enabled by default. It sanitizes the html on pages it renders
+to avoid XSS attacks and the like.
 
-ikiwiki excludes all html tags and attributes except for those that are
+It excludes all html tags and attributes except for those that are
 whitelisted using the same lists as used by Mark Pilgrim's Universal Feed
 Parser, documented at <http://feedparser.org/docs/html-sanitization.html>.
 Notably it strips `style`, `link`, and the `style` attribute.
 
-ikiwiki uses the HTML::Scrubber perl module to perform its html
+It uses the HTML::Scrubber perl module to perform its html
 sanitisation, and this perl module also deals with various entity encoding
 tricks.
 
@@ -23,7 +22,8 @@ browser.
 
 ----
 
-Some examples of embedded javascript that won't be let through.
+Some examples of embedded javascript that won't be let through when this
+plugin is active:
 
 * <span style="background: url(javascript:window.location='http://example.org/')">test</span>
 * <span style="&#x61;&#x6e;&#x79;&#x3a;&#x20;&#x65;&#x78;&#x70;&#x72;&#x65;&#x73;&#x73;&#x69;&#x6f;&#x6e;&#x28;&#x77;&#x69;&#x6e;&#x64;&#x6f;&#x77;&#x2e;&#x6c;&#x6f;&#x63;&#x61;&#x74;&#x69;&#x6f;&#x6e;&#x3d;&#x27;&#x68;&#x74;&#x74;&#x70;&#x3a;&#x2f;&#x2f;&#x65;&#x78;&#x61;&#x6d;&#x70;&#x6c;&#x65;&#x2e;&#x6f;&#x72;&#x67;&#x2f;&#x27;&#x29;">test</span>