aboutsummaryrefslogtreecommitdiff
path: root/doc/plugins
diff options
context:
space:
mode:
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-05-05 05:41:11 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-05-05 05:41:11 +0000
commit6652de5e1abcaac3ee2f4bf17e5a4b847fcadb0d (patch)
tree29c76e12b318309401a3274e13891210f275bf83 /doc/plugins
parent157df8591f03ade7504ad732446f125ae8609b05 (diff)
downloadikiwiki-6652de5e1abcaac3ee2f4bf17e5a4b847fcadb0d.tar
ikiwiki-6652de5e1abcaac3ee2f4bf17e5a4b847fcadb0d.tar.gz
* Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber
and --disable-plugin htmlscrubber.
Diffstat (limited to 'doc/plugins')
-rw-r--r--doc/plugins/htmlscrubber.mdwn30
-rw-r--r--doc/plugins/write.mdwn13
2 files changed, 41 insertions, 2 deletions
diff --git a/doc/plugins/htmlscrubber.mdwn b/doc/plugins/htmlscrubber.mdwn
new file mode 100644
index 000000000..cf0d8e02a
--- /dev/null
+++ b/doc/plugins/htmlscrubber.mdwn
@@ -0,0 +1,30 @@
+This plugin is enabled by default. It sanitizes the html on pages it renders
+to avoid XSS attacks and the like.
+
+It excludes all html tags and attributes except for those that are
+whitelisted using the same lists as used by Mark Pilgrim's Universal Feed
+Parser, documented at <http://feedparser.org/docs/html-sanitization.html>.
+Notably it strips `style`, `link`, and the `style` attribute.
+
+It uses the HTML::Scrubber perl module to perform its html
+sanitisation, and this perl module also deals with various entity encoding
+tricks.
+
+While I believe that this makes ikiwiki as resistant to malicious html
+content as anything else on the web, I cannot guarantee that it will
+actually protect every user of every browser from every browser security
+hole, badly designed feature, etc. I can provide NO WARRANTY, like it says
+in ikiwiki's [GPL](GPL) license.
+
+The web's security model is *fundamentally broken*; ikiwiki's html
+sanitisation is only a patch on the underlying gaping hole that is your web
+browser.
+
+----
+
+Some examples of embedded javascript that won't be let through when this
+plugin is active:
+
+* <span style="background: url(javascript:window.location='http://example.org/')">test</span>
+* <span style="&#x61;&#x6e;&#x79;&#x3a;&#x20;&#x65;&#x78;&#x70;&#x72;&#x65;&#x73;&#x73;&#x69;&#x6f;&#x6e;&#x28;&#x77;&#x69;&#x6e;&#x64;&#x6f;&#x77;&#x2e;&#x6c;&#x6f;&#x63;&#x61;&#x74;&#x69;&#x6f;&#x6e;&#x3d;&#x27;&#x68;&#x74;&#x74;&#x70;&#x3a;&#x2f;&#x2f;&#x65;&#x78;&#x61;&#x6d;&#x70;&#x6c;&#x65;&#x2e;&#x6f;&#x72;&#x67;&#x2f;&#x27;&#x29;">test</span>
+* <span style="&#97;&#110;&#121;&#58;&#32;&#101;&#120;&#112;&#114;&#101;&#115;&#115;&#105;&#111;&#110;&#40;&#119;&#105;&#110;&#100;&#111;&#119;&#46;&#108;&#111;&#99;&#97;&#116;&#105;&#111;&#110;&#61;&#39;&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#111;&#114;&#103;&#47;&#39;&#41;">test</span>
diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn
index ae2f8b904..6c013cd4a 100644
--- a/doc/plugins/write.mdwn
+++ b/doc/plugins/write.mdwn
@@ -49,7 +49,7 @@ return the error message as the output of the plugin.
### Html issues
-Note that if [[HTMLSanitization]] is enabled, html in
+Note that if the [[htmlscrubber]] is enabled, html in
[[PreProcessorDirective]] output is sanitised, which may limit what your
plugin can do. Also, the rest of the page content is not in html format at
preprocessor time. Text output by a preprocessor directive will be passed
@@ -75,7 +75,16 @@ IkiWiki::error if something isn't configured right.
Runs on the raw source of a page, before anything else touches it, and can
make arbitrary changes. The function is passed named parameters `page` and
-`content` should return the filtered content.
+`content` and should return the filtered content.
+
+### sanitize
+
+ IkiWiki::hook(type => "filter", id => "foo", call => \&sanitize);
+
+Use this to implement html sanitization or anything else that needs to
+modify the content of a page after it has been fully converted to html.
+The function is passed the page content and should return the sanitized
+content.
### delete