aboutsummaryrefslogtreecommitdiff
path: root/IkiWiki
diff options
context:
space:
mode:
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-04-25 03:18:21 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-04-25 03:18:21 +0000
commitd7aecf6ddc19d1dac30ec5616134c2a7e7f4d573 (patch)
tree8fd8153d97e2e5ce8e96533d1f750a71e789ab52 /IkiWiki
parent5e1db8afa91c027284e4a800449b6a5a00b4d12e (diff)
downloadikiwiki-d7aecf6ddc19d1dac30ec5616134c2a7e7f4d573.tar
ikiwiki-d7aecf6ddc19d1dac30ec5616134c2a7e7f4d573.tar.gz
implemented html sanitisation
Diffstat (limited to 'IkiWiki')
-rw-r--r--IkiWiki/Render.pm42
1 files changed, 41 insertions, 1 deletions
diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index dfa598da0..d0d28e802 100644
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -18,6 +18,40 @@ sub linkify ($$) { #{{{
return $content;
} #}}}
+my $_scrubber;
+sub scrubber { #{{{
+ return $_scrubber if defined $_scrubber;
+
+ eval q{use HTML::Scrubber};
+ # Lists based on http://feedparser.org/docs/html-sanitization.html
+ $_scrubber = HTML::Scrubber->new(
+ allow => [qw{
+ a abbr acronym address area b big blockquote br
+ button caption center cite code col colgroup dd del
+ dfn dir div dl dt em fieldset font form h1 h2 h3 h4
+ h5 h6 hr i img input ins kbd label legend li map
+ menu ol optgroup option p pre q s samp select small
+ span strike strong sub sup table tbody td textarea
+ tfoot th thead tr tt u ul var
+ }],
+ default => [undef, { map { $_ => 1 } qw{
+ abbr accept accept-charset accesskey action
+ align alt axis border cellpadding cellspacing
+ char charoff charset checked cite class
+ clear cols colspan color compact coords
+ datetime dir disabled enctype for frame
+ headers height href hreflang hspace id ismap
+ label lang longdesc maxlength media method
+ multiple name nohref noshade nowrap prompt
+ readonly rel rev rows rowspan rules scope
+ selected shape size span src start summary
+ tabindex target title type usemap valign
+ value vspace width
+ }}],
+ );
+ return $_scrubber;
+} # }}}
+
sub htmlize ($$) { #{{{
my $type=shift;
my $content=shift;
@@ -30,11 +64,17 @@ sub htmlize ($$) { #{{{
}
if ($type eq '.mdwn') {
- return Markdown::Markdown($content);
+ $content=Markdown::Markdown($content);
}
else {
error("htmlization of $type not supported");
}
+
+ if ($config{sanitize}) {
+ $content=scrubber()->scrub($content);
+ }
+
+ return $content;
} #}}}
sub backlinks ($) { #{{{