author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-04-25 03:18:21 +0000 |
---|---|---|
committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-04-25 03:18:21 +0000 |
commit | d7aecf6ddc19d1dac30ec5616134c2a7e7f4d573 (patch) | |
tree | 8fd8153d97e2e5ce8e96533d1f750a71e789ab52 /IkiWiki | |
parent | 5e1db8afa91c027284e4a800449b6a5a00b4d12e (diff) | |
download | ikiwiki-d7aecf6ddc19d1dac30ec5616134c2a7e7f4d573.tar ikiwiki-d7aecf6ddc19d1dac30ec5616134c2a7e7f4d573.tar.gz |
implemented html sanitisation
Diffstat (limited to 'IkiWiki')
-rw-r--r-- | IkiWiki/Render.pm | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index dfa598da0..d0d28e802 100644
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -18,6 +18,40 @@ sub linkify ($$) { #{{{
 return $content;
 } #}}}
+my $_scrubber;
+sub scrubber { #{{{
+ return $_scrubber if defined $_scrubber;
+
+ eval q{use HTML::Scrubber};
+ # Lists based on http://feedparser.org/docs/html-sanitization.html
+ $_scrubber = HTML::Scrubber->new(
+ allow => [qw{ a abbr acronym address area b big blockquote br button caption center cite code col colgroup dd del dfn dir div dl dt em fieldset font form h1 h2 h3 h4 h5 h6 hr i img input ins kbd label legend li map menu ol optgroup option p pre q s samp select small span strike strong sub sup table tbody td textarea tfoot th thead tr tt u ul var }],
+ default => [undef, { map { $_ => 1 } qw{ abbr accept accept-charset accesskey action align alt axis border cellpadding cellspacing char charoff charset checked cite class clear cols colspan color compact coords datetime dir disabled enctype for frame headers height href hreflang hspace id ismap label lang longdesc maxlength media method multiple name nohref noshade nowrap prompt readonly rel rev rows rowspan rules scope selected shape size span src start summary tabindex target title type usemap valign value vspace width }}],
+ );
+ return $_scrubber;
+} # }}}
+
 sub htmlize ($$) { #{{{
 my $type=shift;
 my $content=shift;
@@ -30,11 +64,17 @@ sub htmlize ($$) { #{{{
 }
 if ($type eq '.mdwn') {
- return Markdown::Markdown($content);
+ $content=Markdown::Markdown($content);
 }
 else {
 error("htmlization of $type not supported");
 }
+
+ if ($config{sanitize}) {
+ $content=scrubber()->scrub($content);
+ }
+
+ return $content;
 } #}}}
 sub backlinks ($) { #{{{ |
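Review bot: The attribute allow-list built in the new `scrubber` sub lets `href`, `src` and `action` values through unchecked, so a link, image or form in wiki content can still carry a `javascript:` URI and the sanitiser does not prevent script execution through those attributes; the feedparser page the comment cites also keeps an acceptable-URI-scheme list, which this commit does not implement. HTML::Scrubber's `rules` option takes a per-attribute regex, so restricting those three attributes to an explicit scheme list (http, https, ftp, mailto, plus relative paths) in a `rules => [...]` entry closes the gap — the exact rule shape should be checked against the HTML::Scrubber version in use. Separately, `eval q{use HTML::Scrubber};` discards `$@`, so a missing module only surfaces later as an obscure "can't locate object method new" failure; `eval q{use HTML::Scrubber}; error($@) if $@;` reports it clearly, using the `error()` helper the htmlize hunk already calls. In the second hunk the scrub correctly runs on the rendered HTML rather than the raw markdown, but only when `$config{sanitize}` is set, so the default behaviour depends on how that option is initialised elsewhere; htmlize's opening lines sit between the two hunks.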