Also filter the attributes cite, longdesc, and usemap, which can contain URIs
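--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -29,16 +29,15 @@ sub scrubber { #{{{
                 "ldap", "mid", "news", "nfs", "nntp", "pop", "pres",
                 "sip", "sips", "snmp", "tel", "urn", "wais", "xmpp",
                 "z39.50r", "z39.50s",
-               # data is a special case. Allow data:text/<image>, but
-               # disallow data:text/javascript and everything else.
-               qr/data:text\/(?:png|gif|jpeg)/,
                 # Selected unofficial schemes
-               "about", "aim", "callto", "cvs", "ed2k", "feed", "fish", "gg",
+               "aim", "callto", "cvs", "ed2k", "feed", "fish", "gg",
                 "irc", "ircs", "lastfm", "ldaps", "magnet", "mms",
                 "msnim", "notes", "rsync", "secondlife", "skype", "ssh",
                 "sftp", "sms", "steam", "webcal", "ymsgr",
         );
-       my $link=qr/^(?:$uri_schemes:|[^:]+$)/i;
+       # data is a special case. Allow data:image/*, but
+       # disallow data:text/javascript and everything else.
+       my $link=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+$)/i;
 
         eval q{use HTML::Scrubber};
         error($@) if $@;
@@ -59,15 +58,15 @@ sub scrubber { #{{{
                         map { $_ => 1 } qw{
                                 abbr accept accept-charset accesskey
                                 align alt axis border cellpadding cellspacing
-                               char charoff charset checked cite class
+                               char charoff charset checked class
                                 clear cols colspan color compact coords
                                 datetime dir disabled enctype for frame
                                 headers height hreflang hspace id ismap
-                               label lang longdesc maxlength media method
+                               label lang maxlength media method
                                 multiple name nohref noshade nowrap prompt
                                 readonly rel rev rows rowspan rules scope
                                 selected shape size span start summary
-                               tabindex target title type usemap valign
+                               tabindex target title type valign
                                 value vspace width
                                 autoplay loopstart loopend end
                                 playcount controls 
@@ -76,7 +75,10 @@ sub scrubber { #{{{
                         href => $link,
                         src => $link,
                         action => $link,
+                       cite => $link,
+                       longdesc => $link,
                         poster => $link,
+                       usemap => $link,
                 }],
         );
         return $_scrubber;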
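Review bot: The new `$link` pattern in the first hunk accepts every `data:image/` subtype as a URI prefix, and `image/svg+xml` is an XML document that can carry script and external references, which matters for attributes such as `href` that navigate to the value rather than merely display it. The removed regex had the wrong top-level type (`text/` instead of `image/`) but at least named specific raster formats; the replacement should keep that restriction, e.g. `my $link=qr/^(?:(?:$uri_schemes):|data:image\/(?:png|jpeg|gif)|[^:]+$)/i;`, and the comment above it should say "Allow a few raster data:image/ types" rather than `data:image/*`. The `[^:]+$` alternative for scheme-less relative links is unchanged and still does what the comment needs. The enclosing `scrubber` sub starts and ends outside these hunks, and `$uri_schemes` is built outside them, presumably by joining the list shown above.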