diff options
| author | Joey Hess <joey@kitenet.net> | 2008-03-24 15:47:13 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2008-03-24 15:47:13 -0400 |
| commit | c88ae3768e75eccc5a16cefe85b17b04943aac04 (patch) | |
| tree | f19533d3279a9fff9c7b1c981ac127ec2e51cb78 | |
| parent | 6f5903b54d8037245517d1b9145656c791fb63e2 (diff) | |
| download | ikiwiki-c88ae3768e75eccc5a16cefe85b17b04943aac04.tar ikiwiki-c88ae3768e75eccc5a16cefe85b17b04943aac04.tar.gz | |
web commit by http://jblevins.org/: htmlscrubber patch to sanitize SVG and MathML
| -rw-r--r-- | doc/todo/svg.mdwn | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/doc/todo/svg.mdwn b/doc/todo/svg.mdwn index 9649ba9b4..0a15af4cd 100644 --- a/doc/todo/svg.mdwn +++ b/doc/todo/svg.mdwn @@ -20,8 +20,7 @@ right. I'll post a new one when it's working properly.</ins> --[[JasonBlevins]] I'd like to hear what people think about the following: 1. Including whitelists of elements and attributes for SVG and MathML in - htmlscrubber. See my current [htmlscrubber.pm][] and the [diff][] - from the current trunk. + htmlscrubber. 2. Creating a whitelist of safe SVG (and maybe even HTML) style attributes such as `fill`, `stroke-width`, etc. @@ -31,8 +30,6 @@ I'd like to hear what people think about the following: --[[JasonBlevins]], March 21, 2008 11:39 EDT -[htmlscrubber.pm]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blob;f=IkiWiki/Plugin/htmlscrubber.pm;hb=fa9045c07efce434f24edb05b542c88815452873 -[diff]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blobdiff;f=IkiWiki/Plugin/htmlscrubber.pm;h=35c546620f8f58eb50c72783f11d422b06de93ca;hp=3bdaccea119ec0e1b289a0da2f6d90e2219b8d66;hb=fa9045c07efce434f24edb05b542c88815452873;hpb=be0b4f603f918444b906e42825908ddac78b7073 [sanitizer]: http://code.google.com/p/html5lib/source/browse/trunk/ruby/lib/html5/sanitizer.rb * * * @@ -45,3 +42,17 @@ Any thoughts? --[[JasonBlevins]], March 21, 2008 13:54 EDT [HTML::Scrubber]: http://search.cpan.org/~podmaster/HTML-Scrubber-0.08/Scrubber.pm [HTML::Sanitizer]: http://search.cpan.org/~nesting/HTML-Sanitizer-0.04/Sanitizer.pm + +I figured out a quick hack to make HTML::Scrubber case-sensitive by +making the underlying HTML::Parser case-sensitive: + + $_scrubber->{_p}->case_sensitive(1); + +So now I've got a version of [htmlscrubber.pm][] ([diff][]) +which allows safe SVG and MathML elements and attributes (but no +styles—do we need them?). I'd be thrilled to see this +in the trunk if other people think it's useful. +--[[JasonBlevins]], March 24, 2008 14:56 EDT + +[htmlscrubber.pm]:http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blob;f=IkiWiki/Plugin/htmlscrubber.pm;h=3c0ddc8f25bd8cb863634a9d54b40e299e60f7df;hb=fe333c8e5b4a5f374a059596ee698dacd755182d +[diff]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blobdiff;f=IkiWiki/Plugin/htmlscrubber.pm;h=3c0ddc8f25bd8cb863634a9d54b40e299e60f7df;hp=3bdaccea119ec0e1b289a0da2f6d90e2219b8d66;hb=fe333c8e5b4a5f374a059596ee698dacd755182d;hpb=be0b4f603f918444b906e42825908ddac78b7073 |