+I'd like to hear what people think about the following:
+
+1. Including whitelists of elements and attributes for SVG and MathML in
+ htmlscrubber.
+
+2. Creating a whitelist of safe SVG (and maybe even HTML) style
+ attributes such as `fill`, `stroke-width`, etc.
+
+ This is how the [sanitizer][] in html5lib works. It shouldn't be too
+ hard to translate the relevant parts to Perl.
+
+ --[[JasonBlevins]], March 21, 2008 11:39 EDT
+
+[sanitizer]: http://code.google.com/p/html5lib/source/browse/trunk/ruby/lib/html5/sanitizer.rb
+
+* * *
+
+Another problem is that [HTML::Scrubber][] converts all tags to lowercase.
+Some SVG elements, such as viewBox, are mixed case. It seems that
+properly handling SVG might require moving to a different sanitizer.
+It seems that [HTML::Sanitizer][] has functions for sanitizing XHTML.
+Any thoughts? --[[JasonBlevins]], March 21, 2008 13:54 EDT
+
+[HTML::Scrubber]: http://search.cpan.org/~podmaster/HTML-Scrubber-0.08/Scrubber.pm
+[HTML::Sanitizer]: http://search.cpan.org/~nesting/HTML-Sanitizer-0.04/Sanitizer.pm
+
+I figured out a quick hack to make HTML::Scrubber case-sensitive by
+making the underlying HTML::Parser case-sensitive:
+
+ $_scrubber->{_p}->case_sensitive(1);
+
+So now I've got a version of [htmlscrubber.pm][] ([diff][])
+which allows safe SVG and MathML elements and attributes (but no
+styles—do we need them?). I'd be thrilled to see this
+in the trunk if other people think it's useful.
+--[[JasonBlevins]], March 24, 2008 14:56 EDT
+
+[htmlscrubber.pm]:http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blob;f=IkiWiki/Plugin/htmlscrubber.pm;h=3c0ddc8f25bd8cb863634a9d54b40e299e60f7df;hb=fe333c8e5b4a5f374a059596ee698dacd755182d
+[diff]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blobdiff;f=IkiWiki/Plugin/htmlscrubber.pm;h=3c0ddc8f25bd8cb863634a9d54b40e299e60f7df;hp=3bdaccea119ec0e1b289a0da2f6d90e2219b8d66;hb=fe333c8e5b4a5f374a059596ee698dacd755182d;hpb=be0b4f603f918444b906e42825908ddac78b7073
sipb-www / ikiwiki.git / blobdiff