* Add embed plugin, which allows embedding content from google maps, video,

  calendar, and youtube. Normally, the htmlsanitiser eats these since they
  use unsafe tags, the embed plugin overrides it for trusted sites.
* The googlecalendar plugin is now deprecated, and will be removed
  eventually. Please switch to using the embed plugin.

4 files changed, 121 insertions, 1 deletions

diff --git a/IkiWiki/Plugin/embed.pm b/IkiWiki/Plugin/embed.pm
new file mode 100644
index 000000000..4fc91d978
--- /dev/null
+++ b/IkiWiki/Plugin/embed.pm
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+package IkiWiki::Plugin::embed;
+
+use warnings;
+use strict;
+use IkiWiki 2.00;
+
+my $attribr=qr/[^<>"]+/;
+
+# regexp matching known-safe html
+my $safehtml=qr{(
+	# google maps
+	<\s*iframe\s+width="\d+"\s+height="\d+"\s+frameborder="$attribr"\s+
+	scrolling="$attribr"\s+marginheight="\d+"\s+marginwidth="\d+"\s+
+	src="http://maps.google.com/\?$attribr"\s*>\s*</iframe>
+
+	|
+
+	# youtube
+	<\s*object\s+width="\d+"\s+height="\d+"\s*>\s*
+	<\s*param\s+name="movie"\s+value="http://www.youtube.com/v/$attribr"\s*>\s*
+	</param>\s*
+	<\s*param\s+name="wmode"\s+value="transparent"\s*>\s*</param>\s*
+	<embed\s+src="http://www.youtube.com/v/$attribr"\s+
+	type="application/x-shockwave-flash"\s+wmode="transparent"\s+
+	width="\d+"\s+height="\d+"\s*>\s*</embed>\s*</object>
+
+	|
+
+	# google video
+	<\s*embed\s+style="\s*width:\d+px;\s+height:\d+px;\s*"\s+id="$attribr"\s+
+	type="application/x-shockwave-flash"\s+
+	src="http://video.google.com/googleplayer.swf\?$attribr"\s+
+	flashvars=""\s*>\s*</embed>
+
+	|
+
+	# google calendar
+	<\s*iframe\s+src="http://www.google.com/calendar/embed\?src=$attribr"\s+
+	style="\s*border-width:\d+\s*"\s+width="\d+"\s+frameborder="\d+"\s*
+	height="\d+"\s*>\s*</iframe>
+)}sx;
+
+my @embedded;
+
+sub import { #{{{
+	hook(type => "filter", id => "embed", call => \&filter);
+} # }}}
+
+sub embed ($) { #{{{
+	hook(type => "format", id => "embed", call => \&format) unless @embedded;
+	push @embedded, shift;
+	return "<div class=\"embed$#embedded\"></div>";
+} #}}}
+
+sub filter (@) { #{{{
+	my %params=@_;
+	$params{content} =~ s/$safehtml/embed($1)/eg;
+	return $params{content};
+} # }}}
+
+sub format (@) { #{{{
+        my %params=@_;
+	$params{content} =~ s/<div class="embed(\d+)"><\/div>/$embedded[$1]/eg;
+        return $params{content};
+} # }}}
+
+1
diff --git a/debian/changelog b/debian/changelog
index 2ec096ee6..b057e7c56 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -52,8 +52,13 @@ ikiwiki (2.6) UNRELEASED; urgency=low
   * Call decode_form_utf8 before running formbuilder_setup hooks.
   * Add editdiff plugin contributed by Jeremie Koenig.
   * Fix it to not leak path info.
+  * Add embed plugin, which allows embedding content from google maps, video,
+    calendar, and youtube. Normally, the htmlsanitiser eats these since they
+    use unsafe tags, the embed plugin overrides it for trusted sites.
+  * The googlecalendar plugin is now deprecated, and will be removed
+    eventually. Please switch to using the embed plugin.
 
- -- Joey Hess <joeyh@debian.org>  Wed, 22 Aug 2007 16:56:22 -0400
+ -- Joey Hess <joeyh@debian.org>  Thu, 23 Aug 2007 14:08:46 -0400
 
 ikiwiki (2.5) unstable; urgency=low
 
diff --git a/doc/plugins/embed.mdwn b/doc/plugins/embed.mdwn
new file mode 100644
index 000000000..ba327da8d
--- /dev/null
+++ b/doc/plugins/embed.mdwn
@@ -0,0 +1,45 @@
+[[template id=plugin name=embed author="[[Joey]]"]]
+[[tag type/html]]
+
+This plugin allows embedding content from external sites on 
+wiki pages.
+
+Normally, the [[htmlscrubber]] does not allow the tags that are used for
+embedding content from external sites, since `<iframe>`, `<embed>`, and
+`<object>` tags can be used for various sorts of attacks. This plugin
+allows such tags to be put on a page, if they look like they are safe.
+
+In the examples below, the parts of the html that you can change are denoted
+with "XXX"; everything else must appear exactly as shown to be accepted by the
+plugin.
+
+## google maps
+
+Use html like this to embed a map:
+
+	<iframe width="XXX" height="XXX" frameborder="XXX" scrolling="XXXX" marginheight="XXXX" marginwidth="XXXX" src="http://maps.google.com/?XXX"></iframe>
+
+(This method only allows embeddeding a simple map. To use the full
+[Google Maps API](http://www.google.com/apis/maps/) from ikiwiki, including
+drawing points and GPS tracks on the map, try the [[contrib/googlemaps]]
+plugin.)
+
+## youtube
+
+Use html like this to embed a video:
+
+	<object width="XXX" height="XXX"><param name="movie" value="http://www.youtube.com/v/XXX"></param><param name="wmode" value="transparent"></param>
+	<embed src="http://www.youtube.com/v/XXX" type="application/x-shockwave-flash" wmode="transparent" width="XXX" height="XXX"></embed></object>
+
+## google video
+
+Use html like this to embed a video:
+
+	<embed style="width:XXXpx; height:XXXpx;" id="XXX" type="application/x-shockwave-flash" src="http://video.google.com/googleplayer.swf?XXX" flashvars=""></embed>
+
+## google calendar
+
+Use html like this to embed a calendar:
+
+	<iframe src="http://www.google.com/calendar/embed?XXX" style="border-width:XXX" width="XXX" frameborder="XXX" height="XXX"></iframe>
+
diff --git a/doc/plugins/googlecalendar.mdwn b/doc/plugins/googlecalendar.mdwn
index 940918078..6d7429d14 100644
--- a/doc/plugins/googlecalendar.mdwn
+++ b/doc/plugins/googlecalendar.mdwn
@@ -1,6 +1,8 @@
 [[template id=plugin name=googlecalendar author="[[Joey]]"]]
 [[tag type/special-purpose]]
 
+*Note*: This plugin is deprecated. Please switch to the [[embed]] plugin.
+
 This plugin allows embedding a google calendar iframe in the wiki.
 Normally, if the [[htmlscrubber]] is enabled, such iframes are scrubbed out
 of the wiki content since they're not very safe if created by malicious