author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-05-05 05:41:11 +0000 |
---|---|---|
committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-05-05 05:41:11 +0000 |
commit | 6652de5e1abcaac3ee2f4bf17e5a4b847fcadb0d (patch) | |
tree | 29c76e12b318309401a3274e13891210f275bf83 /doc | |
parent | 157df8591f03ade7504ad732446f125ae8609b05 (diff) | |
download | ikiwiki-6652de5e1abcaac3ee2f4bf17e5a4b847fcadb0d.tar ikiwiki-6652de5e1abcaac3ee2f4bf17e5a4b847fcadb0d.tar.gz |
* Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber
and --disable-plugin htmlscrubber.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/ikiwiki.setup | 5 | ||||
-rw-r--r-- | doc/news/sanitization.mdwn | 9 | ||||
-rw-r--r-- | doc/plugins.mdwn | 6 | ||||
-rw-r--r-- | doc/plugins/htmlscrubber.mdwn (renamed from doc/htmlsanitization.mdwn) | 12 | ||||
-rw-r--r-- | doc/plugins/write.mdwn | 13 | ||||
-rw-r--r-- | doc/security.mdwn | 3 | ||||
-rw-r--r-- | doc/todo/plugin.mdwn | 2 | ||||
-rw-r--r-- | doc/usage.mdwn | 10 |
8 files changed, 34 insertions, 26 deletions
diff --git a/doc/ikiwiki.setup b/doc/ikiwiki.setup index 3e0e1599e..17d3be7d7 100644 --- a/doc/ikiwiki.setup +++ b/doc/ikiwiki.setup @@ -48,8 +48,7 @@ use IkiWiki::Setup::Standard { #anonok => 1, # Generate rss feeds for pages? rss => 1, - # Sanitize html? - sanitize => 1, # To change the enabled plugins, edit this list - #plugin => [qw{pagecount inline brokenlinks hyperestraier smiley}], + #plugin => [qw{pagecount inline brokenlinks hyperestraier smiley + # htmlscrubber}], } diff --git a/doc/news/sanitization.mdwn b/doc/news/sanitization.mdwn index 6ce254157..419d589c9 100644 --- a/doc/news/sanitization.mdwn +++ b/doc/news/sanitization.mdwn @@ -1,7 +1,8 @@ -ikiwiki's main outstanding security hole, lack of [[HtmlSanitization]] has -now been addressed. ikiwiki now sanitizes html by default. +ikiwiki's main outstanding security hole, lack of html sanitization, has +now been addressed. ikiwiki now sanitizes html by default, using the +[[plugins/htmlscrubber]] plugin. If only trusted parties can edit your wiki's content, then you might want to turn this sanitization back off to allow use of potentially dangerous -tags. To do so, pass --no-sanitize or set "sanitize => 0," in your -[[ikiwiki.setup]]. +tags. To do so, pass --disable-plugin=sanitize or edit the plugins +configuration in your [[ikiwiki.setup]]. diff --git a/doc/plugins.mdwn b/doc/plugins.mdwn index 07c236057..e2f0492af 100644 --- a/doc/plugins.mdwn +++ b/doc/plugins.mdwn 
@@ -1,9 +1,9 @@ There's documentation if you want to [[write]] your own plugins, or you can install and use plugins contributed by others. The ikiwiki package includes some standard plugins that are installed and -by default. These include [[inline]], [[pagecount]], [[brokenlinks]], -[[search]], [[smiley]], and even [[haiku]]. -Of these, [[inline]] is enabled by default. +by default. These include [[inline]], [[htmlscrubber]], [[pagecount]], +[[brokenlinks]], [[search]], [[smiley]], and even [[haiku]]. +Of these, [[inline]] and [[htmlscrubber]] are enabled by default. To enable other plugins, use the `--plugin` switch described in [[usage]], or the equivalent line in [[ikiwiki.setup]]. diff --git a/doc/htmlsanitization.mdwn b/doc/plugins/htmlscrubber.mdwn index 2c814e8e4..cf0d8e02a 100644 --- a/doc/htmlsanitization.mdwn +++ b/doc/plugins/htmlscrubber.mdwn @@ -1,13 +1,12 @@ -When run with the `--sanitize` switch, which is turned on by default (see -[[usage]]), ikiwiki sanitizes the html on pages it renders to avoid XSS -attacks and the like. +This plugin is enabled by default. It sanitizes the html on pages it renders +to avoid XSS attacks and the like. -ikiwiki excludes all html tags and attributes except for those that are +It excludes all html tags and attributes except for those that are whitelisted using the same lists as used by Mark Pilgrim's Universal Feed Parser, documented at <http://feedparser.org/docs/html-sanitization.html>. Notably it strips `style`, `link`, and the `style` attribute. -ikiwiki uses the HTML::Scrubber perl module to perform its html +It uses the HTML::Scrubber perl module to perform its html sanitisation, and this perl module also deals with various entity encoding tricks. 
@@ -23,7 +22,8 @@ browser. ---- -Some examples of embedded javascript that won't be let through. +Some examples of embedded javascript that won't be let through when this +plugin is active: * <span style="background: url(javascript:window.location='http://example.org/')">test</span> * <span style="any: expression(window.location='http://example.org/')">test</span> diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn index ae2f8b904..6c013cd4a 100644 --- a/doc/plugins/write.mdwn +++ b/doc/plugins/write.mdwn @@ -49,7 +49,7 @@ return the error message as the output of the plugin. ### Html issues -Note that if [[HTMLSanitization]] is enabled, html in +Note that if the [[htmlscrubber]] is enabled, html in [[PreProcessorDirective]] output is sanitised, which may limit what your plugin can do. Also, the rest of the page content is not in html format at preprocessor time. Text output by a preprocessor directive will be passed @@ -75,7 +75,16 @@ IkiWiki::error if something isn't configured right. Runs on the raw source of a page, before anything else touches it, and can make arbitrary changes. The function is passed named parameters `page` and -`content` should return the filtered content. +`content` and should return the filtered content. + +### sanitize + + IkiWiki::hook(type => "filter", id => "foo", call => \&sanitize); + +Use this to implement html sanitization or anything else that needs to +modify the content of a page after it has been fully converted to html. +The function is passed the page content and should return the sanitized +content. ### delete diff --git a/doc/security.mdwn b/doc/security.mdwn index 77552b1b2..73d98a3ae 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn 
@@ -215,4 +215,5 @@ pages from source with some other extension. ## XSS attacks in page content -ikiwiki supports [[HtmlSanitization]], though it can be turned off. +ikiwiki supports protecting users from their own broken browsers via the +[[plugins/htmlscrubber]] plugin, which is enabled by default. diff --git a/doc/todo/plugin.mdwn b/doc/todo/plugin.mdwn index 84c3d68f5..0b90b7cae 100644 --- a/doc/todo/plugin.mdwn +++ b/doc/todo/plugin.mdwn @@ -25,8 +25,6 @@ Suggestions of ideas for plugins: or something. It's possible that this is a special case of backlinks and is best implemented by making backlinks a plugin somehow. --[[Joey]] -* Splitting out html sanitisation should be easy to do. - * interwiki links All the kinds of plugins that blogging software has is also a possibility: diff --git a/doc/usage.mdwn b/doc/usage.mdwn index eac72cdc7..3a46dade8 100644 --- a/doc/usage.mdwn +++ b/doc/usage.mdwn @@ -162,16 +162,16 @@ These options configure the wiki. Currently allows locking of any page, other powers may be added later. May be specified multiple times for multiple admins. -* --sanitize - - Enable [[HtmlSanitization]] of wiki content. On by default, disable with - --no-sanitize. - * --plugin name Enables the use of the specified plugin in the wiki. See [[plugins]] for details. Note that plugin names are case sensative. +* --disable-plugin name + + Disables use of a plugin. For example "--disable-plugin htmlscrubber" + to do away with html sanitization. + * --verbose Be vebose about what is being done. |
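Review bot: the commented-out `#plugin => [qw{... htmlscrubber}]` example in doc/ikiwiki.setup now lists htmlscrubber next to optional plugins without saying whether the list adds to the defaults or replaces them, while doc/plugins.mdwn in this same patch says htmlscrubber is enabled by default. A one-line comment above the list stating which of the two it is would stop an admin who uncomments the list and trims it from silently dropping html sanitization.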
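Review bot: the new instruction in doc/news/sanitization.mdwn, `pass --disable-plugin=sanitize`, matches neither the plugin name nor the option syntax introduced elsewhere in this patch: the plugin is `htmlscrubber`, and doc/usage.mdwn documents the switch as `--disable-plugin name` with a space, giving `--disable-plugin htmlscrubber` as its own example. Suggest `To do so, pass --disable-plugin htmlscrubber or edit the plugins` so that readers following the news item actually reach the documented switch.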
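Review bot: the unchanged lead-in in doc/plugins.mdwn, `standard plugins that are installed and / by default`, is missing a word, and this hunk edits the very next line; worth completing it while here, for example `installed and available by default` (the intended word is a guess, the sentence as it stands does not parse).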
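Review bot: in doc/plugins/htmlscrubber.mdwn the rewritten opening, `It sanitizes the html on pages it renders`, makes the plugin the subject that renders pages, where the old text had ikiwiki doing the rendering; suggest `on pages ikiwiki renders`. The old paragraph also pointed at `--sanitize` and [[usage]] for turning the feature off, and the new one gives no pointer at all; a clause such as `disable it with --disable-plugin htmlscrubber (see [[usage]])` keeps that information on the page.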
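Review bot: the registration shown under the new `### sanitize` heading in doc/plugins/write.mdwn, `IkiWiki::hook(type => "filter", id => "foo", call => \&sanitize);`, registers a `filter` hook, which the section directly above describes as running on the raw source of a page before anything else touches it, whereas the text under the heading says sanitize hooks run after the page has been fully converted to html. The `type` looks copy-pasted from the filter example and should read `type => "sanitize"`; a plugin author following it as written would have their sanitizer run on raw markup rather than on the final html.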
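Review bot: the replacement sentence in doc/security.mdwn, `protecting users from their own broken browsers via the [[plugins/htmlscrubber]] plugin`, drops the one thing the old line said, that the protection can be turned off. Since this patch adds `--disable-plugin htmlscrubber` in doc/usage.mdwn, the XSS section should state that the scrubber is on by default and name that switch as the setting that removes the protection. The `broken browsers` phrasing also understates the section's own heading, `XSS attacks in page content`: the scrubber exists so that html submitted by a wiki editor cannot run script in other readers' browsers, which doc/news/sanitization.mdwn in this patch frames correctly as a question of whether editors are trusted.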
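Review bot: the unchanged context lines around the new `--disable-plugin name` entry in doc/usage.mdwn carry two typos, `case sensative` and `Be vebose`; worth fixing while this block is being edited. The new entry itself is clear and its example, `--disable-plugin htmlscrubber`, is the form the other files in this patch should be using.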