diff options
| author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-05-05 05:41:11 +0000 |
|---|---|---|
| committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-05-05 05:41:11 +0000 |
| commit | 6652de5e1abcaac3ee2f4bf17e5a4b847fcadb0d (patch) | |
| tree | 29c76e12b318309401a3274e13891210f275bf83 /doc/plugins/htmlscrubber.mdwn | |
| parent | 157df8591f03ade7504ad732446f125ae8609b05 (diff) | |
| download | ikiwiki-6652de5e1abcaac3ee2f4bf17e5a4b847fcadb0d.tar ikiwiki-6652de5e1abcaac3ee2f4bf17e5a4b847fcadb0d.tar.gz | |
* Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber
and --disable-plugin htmlscrubber.
Diffstat (limited to 'doc/plugins/htmlscrubber.mdwn')
| -rw-r--r-- | doc/plugins/htmlscrubber.mdwn | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/doc/plugins/htmlscrubber.mdwn b/doc/plugins/htmlscrubber.mdwn new file mode 100644 index 000000000..cf0d8e02a --- /dev/null +++ b/doc/plugins/htmlscrubber.mdwn @@ -0,0 +1,30 @@ +This plugin is enabled by default. It sanitizes the html on pages it renders +to avoid XSS attacks and the like. + +It excludes all html tags and attributes except for those that are +whitelisted using the same lists as used by Mark Pilgrim's Universal Feed +Parser, documented at <http://feedparser.org/docs/html-sanitization.html>. +Notably it strips `style`, `link`, and the `style` attribute. + +It uses the HTML::Scrubber perl module to perform its html +sanitisation, and this perl module also deals with various entity encoding +tricks. + +While I believe that this makes ikiwiki as resistant to malicious html +content as anything else on the web, I cannot guarantee that it will +actually protect every user of every browser from every browser security +hole, badly designed feature, etc. I can provide NO WARRANTY, like it says +in ikiwiki's [GPL](GPL) license. + +The web's security model is *fundamentally broken*; ikiwiki's html +sanitisation is only a patch on the underlying gaping hole that is your web +browser. + +---- + +Some examples of embedded javascript that won't be let through when this +plugin is active: + +* <span style="background: url(javascript:window.location='http://example.org/')">test</span> +* <span style="any: expression(window.location='http://example.org/')">test</span> +* <span style="any: expression(window.location='http://example.org/')">test</span> |