From: Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
Date: Mon, 17 Nov 2008 09:10:06 +0000 (+0000)
Subject: smcvpostcomment: remove HTML if not allowed
X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/commitdiff_plain/1bd1b03766704bbf2271e87cf4a68978827f31fb

smcvpostcomment: remove HTML if not allowed
---

diff --git a/IkiWiki/Plugin/smcvpostcomment.pm b/IkiWiki/Plugin/smcvpostcomment.pm
index 43b1d3e6f..07f008e5e 100644
--- a/IkiWiki/Plugin/smcvpostcomment.pm
+++ b/IkiWiki/Plugin/smcvpostcomment.pm
@@ -205,6 +205,12 @@ sub sessioncgi ($$) { #{{{
 			unless $config{prefix_directives};
 	}
 
+	unless ($allow_html) {
+		$body =~ s/&(\w|#)/&amp;$1/g;
+		$body =~ s/</&lt;/g;
+		$body =~ s/>/&gt;/g;
+	}
+
 	# In this template, the [[!meta]] directives should stay at the end,
 	# so that they will override anything the user specifies. (For
 	# instance, [[!meta author="I can fake the author"]]...)