diff options
author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-06-02 06:11:22 +0000 |
---|---|---|
committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-06-02 06:11:22 +0000 |
commit | 54541869392f162bb195b8b67814ef0a394c1961 (patch) | |
tree | c12d1ef5312bc69657075d4ff769f3239aa394ea /doc/plugins/write.mdwn | |
parent | 03867bf323fda5d582a53341f8f1a0a3460d76d6 (diff) | |
download | ikiwiki-54541869392f162bb195b8b67814ef0a394c1961.tar ikiwiki-54541869392f162bb195b8b67814ef0a394c1961.tar.gz |
meta headers are not sanitised; prevent html leaking into them
Diffstat (limited to 'doc/plugins/write.mdwn')
-rw-r--r-- | doc/plugins/write.mdwn | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn index b2b7c6ff8..515c4d90d 100644 --- a/doc/plugins/write.mdwn +++ b/doc/plugins/write.mdwn @@ -79,15 +79,6 @@ Runs on the raw source of a page, before anything else touches it, and can make arbitrary changes. The function is passed named parameters `page` and `content` and should return the filtered content. -## sanitize - - IkiWiki::hook(type => "filter", id => "foo", call => \&sanitize); - -Use this to implement html sanitization or anything else that needs to -modify the content of a page after it has been fully converted to html. -The function is passed the page content and should return the sanitized -content. - ## pagetemplate IkiWiki::hook(type => "pagetemplate", id => "foo", call => \&pagetemplate); @@ -99,6 +90,15 @@ be used to generate the page. It can manipulate that template, the most common thing to do is probably to call $template->param() to add a new custom parameter to the template. +## sanitize + + IkiWiki::hook(type => "sanitize", id => "foo", call => \&sanitize); + +Use this to implement html sanitization or anything else that needs to +modify the content of a page after it has been fully converted to html. +The function is passed the page content and should return the sanitized +content. + ## delete IkiWiki::hook(type => "delete", id => "foo", call => \&dele); |