aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--IkiWiki.pm3
-rw-r--r--IkiWiki/Plugin/htmlscrubber.pm51
-rw-r--r--IkiWiki/Plugin/skeleton.pm14
-rw-r--r--IkiWiki/Render.pm40
-rw-r--r--debian/NEWS5
-rw-r--r--debian/changelog4
-rw-r--r--doc/ikiwiki.setup5
-rw-r--r--doc/news/sanitization.mdwn9
-rw-r--r--doc/plugins.mdwn6
-rw-r--r--doc/plugins/htmlscrubber.mdwn (renamed from doc/htmlsanitization.mdwn)12
-rw-r--r--doc/plugins/write.mdwn13
-rw-r--r--doc/security.mdwn3
-rw-r--r--doc/todo/plugin.mdwn2
-rw-r--r--doc/usage.mdwn10
-rwxr-xr-xikiwiki6
15 files changed, 114 insertions, 69 deletions
diff --git a/IkiWiki.pm b/IkiWiki.pm
index 6a62d9f0e..443a88044 100644
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -26,7 +26,6 @@ sub defaultconfig () { #{{{
diffurl => '',
anonok => 0,
rss => 0,
- sanitize => 1,
rebuild => 0,
refresh => 0,
getctime => 0,
@@ -41,7 +40,7 @@ sub defaultconfig () { #{{{
setup => undef,
adminuser => undef,
adminemail => undef,
- plugin => [qw{inline}],
+ plugin => [qw{inline htmlscrubber}],
headercontent => '',
} #}}}
diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm
new file mode 100644
index 000000000..41cf6c991
--- /dev/null
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -0,0 +1,51 @@
+#!/usr/bin/perl
+package IkiWiki::Plugin::htmlscrubber;
+
+use warnings;
+use strict;
+use IkiWiki;
+
+sub import { #{{{
+ IkiWiki::hook(type => "sanitize", id => "htmlscrubber",
+ call => \&sanitize);
+} # }}}
+
+sub sanitize ($) { #{{{
+ return scrubber()->scrub(shift);
+} # }}}
+
+my $_scrubber;
+sub scrubber { #{{{
+ return $_scrubber if defined $_scrubber;
+
+ eval q{use HTML::Scrubber};
+ # Lists based on http://feedparser.org/docs/html-sanitization.html
+ $_scrubber = HTML::Scrubber->new(
+ allow => [qw{
+ a abbr acronym address area b big blockquote br
+ button caption center cite code col colgroup dd del
+ dfn dir div dl dt em fieldset font form h1 h2 h3 h4
+ h5 h6 hr i img input ins kbd label legend li map
+ menu ol optgroup option p pre q s samp select small
+ span strike strong sub sup table tbody td textarea
+ tfoot th thead tr tt u ul var
+ }],
+ default => [undef, { map { $_ => 1 } qw{
+ abbr accept accept-charset accesskey action
+ align alt axis border cellpadding cellspacing
+ char charoff charset checked cite class
+ clear cols colspan color compact coords
+ datetime dir disabled enctype for frame
+ headers height href hreflang hspace id ismap
+ label lang longdesc maxlength media method
+ multiple name nohref noshade nowrap prompt
+ readonly rel rev rows rowspan rules scope
+ selected shape size span src start summary
+ tabindex target title type usemap valign
+ value vspace width
+ }}],
+ );
+ return $_scrubber;
+} # }}}
+
+1
diff --git a/IkiWiki/Plugin/skeleton.pm b/IkiWiki/Plugin/skeleton.pm
index d5a2125e5..346dfa5ff 100644
--- a/IkiWiki/Plugin/skeleton.pm
+++ b/IkiWiki/Plugin/skeleton.pm
@@ -15,6 +15,8 @@ sub import { #{{{
call => \&preprocess);
IkiWiki::hook(type => "filter", id => "skeleton",
call => \&filter);
+ IkiWiki::hook(type => "sanitize", id => "skeleton",
+ call => \&sanitize);
IkiWiki::hook(type => "delete", id => "skeleton",
call => \&delete);
IkiWiki::hook(type => "change", id => "skeleton",
@@ -33,11 +35,19 @@ sub preprocess (@) { #{{{
return "skeleton plugin result";
} # }}}
-sub filter ($) { #{{{
- my $content=shift;
+sub filter (@) { #{{{
+ my %params=@_;
IkiWiki::debug("skeleton plugin running as filter");
+ return $params{content};
+} # }}}
+
+sub sanitize ($) { #{{{
+ my $content=shift;
+
+ IkiWiki::debug("skeleton plugin running as a sanitizer");
+
return $content;
} # }}}
diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index 262e0ec29..9feaa6da7 100644
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -19,40 +19,6 @@ sub linkify ($$) { #{{{
return $content;
} #}}}
-my $_scrubber;
-sub scrubber { #{{{
- return $_scrubber if defined $_scrubber;
-
- eval q{use HTML::Scrubber};
- # Lists based on http://feedparser.org/docs/html-sanitization.html
- $_scrubber = HTML::Scrubber->new(
- allow => [qw{
- a abbr acronym address area b big blockquote br
- button caption center cite code col colgroup dd del
- dfn dir div dl dt em fieldset font form h1 h2 h3 h4
- h5 h6 hr i img input ins kbd label legend li map
- menu ol optgroup option p pre q s samp select small
- span strike strong sub sup table tbody td textarea
- tfoot th thead tr tt u ul var
- }],
- default => [undef, { map { $_ => 1 } qw{
- abbr accept accept-charset accesskey action
- align alt axis border cellpadding cellspacing
- char charoff charset checked cite class
- clear cols colspan color compact coords
- datetime dir disabled enctype for frame
- headers height href hreflang hspace id ismap
- label lang longdesc maxlength media method
- multiple name nohref noshade nowrap prompt
- readonly rel rev rows rowspan rules scope
- selected shape size span src start summary
- tabindex target title type usemap valign
- value vspace width
- }}],
- );
- return $_scrubber;
-} # }}}
-
sub htmlize ($$) { #{{{
my $type=shift;
my $content=shift;
@@ -71,8 +37,10 @@ sub htmlize ($$) { #{{{
error("htmlization of $type not supported");
}
- if ($config{sanitize}) {
- $content=scrubber()->scrub($content);
+ if (exists $hooks{sanitize}) {
+ foreach my $id (keys %{$hooks{sanitize}}) {
+ $content=$hooks{sanitize}{$id}{call}->($content);
+ }
}
return $content;
diff --git a/debian/NEWS b/debian/NEWS
index 130d1bd57..5bb107519 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -9,6 +9,11 @@ ikiwiki (1.1) unstable; urgency=low
search plugin, by passing --plugin=search or through the plugin setting in
the config file.
+ The --sanitize and --no-sanitize switches are also gone, replaced with the
+ htmlscrubber plugin. This plugin is enabled by default, to disable it,
+ use --disable-plugin=htmlscrubber, or modify the plugin setting in the
+ config file.
+
You will need to rebuild your wiki when upgrading to this version.
If you listed your wiki in /etc/ikiwiki/wikilist this will be done
automatically.
diff --git a/debian/changelog b/debian/changelog
index bd82cd48b..a7887e17f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -43,8 +43,10 @@ ikiwiki (1.1) UNRELEASED; urgency=low
* Copied in some smileys from Moin Moin.
* Allow links of the form [[some page|page]], with whitespace in the link
text.
+ * Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber
+ and --disable-plugin htmlscrubber.
- -- Joey Hess <joeyh@debian.org> Fri, 5 May 2006 00:14:53 -0400
+ -- Joey Hess <joeyh@debian.org> Fri, 5 May 2006 01:28:19 -0400
ikiwiki (1.0) unstable; urgency=low
diff --git a/doc/ikiwiki.setup b/doc/ikiwiki.setup
index 3e0e1599e..17d3be7d7 100644
--- a/doc/ikiwiki.setup
+++ b/doc/ikiwiki.setup
@@ -48,8 +48,7 @@ use IkiWiki::Setup::Standard {
#anonok => 1,
# Generate rss feeds for pages?
rss => 1,
- # Sanitize html?
- sanitize => 1,
# To change the enabled plugins, edit this list
- #plugin => [qw{pagecount inline brokenlinks hyperestraier smiley}],
+ #plugin => [qw{pagecount inline brokenlinks hyperestraier smiley
+ # htmlscrubber}],
}
diff --git a/doc/news/sanitization.mdwn b/doc/news/sanitization.mdwn
index 6ce254157..419d589c9 100644
--- a/doc/news/sanitization.mdwn
+++ b/doc/news/sanitization.mdwn
@@ -1,7 +1,8 @@
-ikiwiki's main outstanding security hole, lack of [[HtmlSanitization]] has
-now been addressed. ikiwiki now sanitizes html by default.
+ikiwiki's main outstanding security hole, lack of html sanitization, has
+now been addressed. ikiwiki now sanitizes html by default, using the
+[[plugins/htmlscrubber]] plugin.
If only trusted parties can edit your wiki's content, then you might want
to turn this sanitization back off to allow use of potentially dangerous
-tags. To do so, pass --no-sanitize or set "sanitize =&gt; 0," in your
-[[ikiwiki.setup]].
+tags. To do so, pass --disable-plugin=sanitize or edit the plugins
+configuration in your [[ikiwiki.setup]].
diff --git a/doc/plugins.mdwn b/doc/plugins.mdwn
index 07c236057..e2f0492af 100644
--- a/doc/plugins.mdwn
+++ b/doc/plugins.mdwn
@@ -1,9 +1,9 @@
There's documentation if you want to [[write]] your own plugins, or you can install and use plugins contributed by others.
The ikiwiki package includes some standard plugins that are installed and
-by default. These include [[inline]], [[pagecount]], [[brokenlinks]],
-[[search]], [[smiley]], and even [[haiku]].
-Of these, [[inline]] is enabled by default.
+by default. These include [[inline]], [[htmlscrubber]], [[pagecount]],
+[[brokenlinks]], [[search]], [[smiley]], and even [[haiku]].
+Of these, [[inline]] and [[htmlscrubber]] are enabled by default.
To enable other plugins, use the `--plugin` switch described in [[usage]],
or the equivalent line in [[ikiwiki.setup]].
diff --git a/doc/htmlsanitization.mdwn b/doc/plugins/htmlscrubber.mdwn
index 2c814e8e4..cf0d8e02a 100644
--- a/doc/htmlsanitization.mdwn
+++ b/doc/plugins/htmlscrubber.mdwn
@@ -1,13 +1,12 @@
-When run with the `--sanitize` switch, which is turned on by default (see
-[[usage]]), ikiwiki sanitizes the html on pages it renders to avoid XSS
-attacks and the like.
+This plugin is enabled by default. It sanitizes the html on pages it renders
+to avoid XSS attacks and the like.
-ikiwiki excludes all html tags and attributes except for those that are
+It excludes all html tags and attributes except for those that are
whitelisted using the same lists as used by Mark Pilgrim's Universal Feed
Parser, documented at <http://feedparser.org/docs/html-sanitization.html>.
Notably it strips `style`, `link`, and the `style` attribute.
-ikiwiki uses the HTML::Scrubber perl module to perform its html
+It uses the HTML::Scrubber perl module to perform its html
sanitisation, and this perl module also deals with various entity encoding
tricks.
@@ -23,7 +22,8 @@ browser.
----
-Some examples of embedded javascript that won't be let through.
+Some examples of embedded javascript that won't be let through when this
+plugin is active:
* <span style="background: url(javascript:window.location='http://example.org/')">test</span>
* <span style="&#x61;&#x6e;&#x79;&#x3a;&#x20;&#x65;&#x78;&#x70;&#x72;&#x65;&#x73;&#x73;&#x69;&#x6f;&#x6e;&#x28;&#x77;&#x69;&#x6e;&#x64;&#x6f;&#x77;&#x2e;&#x6c;&#x6f;&#x63;&#x61;&#x74;&#x69;&#x6f;&#x6e;&#x3d;&#x27;&#x68;&#x74;&#x74;&#x70;&#x3a;&#x2f;&#x2f;&#x65;&#x78;&#x61;&#x6d;&#x70;&#x6c;&#x65;&#x2e;&#x6f;&#x72;&#x67;&#x2f;&#x27;&#x29;">test</span>
diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn
index ae2f8b904..6c013cd4a 100644
--- a/doc/plugins/write.mdwn
+++ b/doc/plugins/write.mdwn
@@ -49,7 +49,7 @@ return the error message as the output of the plugin.
### Html issues
-Note that if [[HTMLSanitization]] is enabled, html in
+Note that if the [[htmlscrubber]] is enabled, html in
[[PreProcessorDirective]] output is sanitised, which may limit what your
plugin can do. Also, the rest of the page content is not in html format at
preprocessor time. Text output by a preprocessor directive will be passed
@@ -75,7 +75,16 @@ IkiWiki::error if something isn't configured right.
Runs on the raw source of a page, before anything else touches it, and can
make arbitrary changes. The function is passed named parameters `page` and
-`content` should return the filtered content.
+`content` and should return the filtered content.
+
+### sanitize
+
+ IkiWiki::hook(type => "filter", id => "foo", call => \&sanitize);
+
+Use this to implement html sanitization or anything else that needs to
+modify the content of a page after it has been fully converted to html.
+The function is passed the page content and should return the sanitized
+content.
### delete
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 77552b1b2..73d98a3ae 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -215,4 +215,5 @@ pages from source with some other extension.
## XSS attacks in page content
-ikiwiki supports [[HtmlSanitization]], though it can be turned off.
+ikiwiki supports protecting users from their own broken browsers via the
+[[plugins/htmlscrubber]] plugin, which is enabled by default.
diff --git a/doc/todo/plugin.mdwn b/doc/todo/plugin.mdwn
index 84c3d68f5..0b90b7cae 100644
--- a/doc/todo/plugin.mdwn
+++ b/doc/todo/plugin.mdwn
@@ -25,8 +25,6 @@ Suggestions of ideas for plugins:
or something. It's possible that this is a special case of backlinks and
is best implemented by making backlinks a plugin somehow. --[[Joey]]
-* Splitting out html sanitisation should be easy to do.
-
* interwiki links
All the kinds of plugins that blogging software has is also a possibility:
diff --git a/doc/usage.mdwn b/doc/usage.mdwn
index eac72cdc7..3a46dade8 100644
--- a/doc/usage.mdwn
+++ b/doc/usage.mdwn
@@ -162,16 +162,16 @@ These options configure the wiki.
Currently allows locking of any page, other powers may be added later.
May be specified multiple times for multiple admins.
-* --sanitize
-
- Enable [[HtmlSanitization]] of wiki content. On by default, disable with
- --no-sanitize.
-
* --plugin name
Enables the use of the specified plugin in the wiki. See [[plugins]] for
details. Note that plugin names are case sensative.
+* --disable-plugin name
+
+ Disables use of a plugin. For example "--disable-plugin htmlscrubber"
+ to do away with html sanitization.
+
* --verbose
Be vebose about what is being done.
diff --git a/ikiwiki b/ikiwiki
index 4801c5f92..e911eaff4 100755
--- a/ikiwiki
+++ b/ikiwiki
@@ -29,7 +29,6 @@ sub getconfig () { #{{{
"rss!" => \$config{rss},
"cgi!" => \$config{cgi},
"notify!" => \$config{notify},
- "sanitize!" => \$config{sanitize},
"url=s" => \$config{url},
"cgiurl=s" => \$config{cgiurl},
"historyurl=s" => \$config{historyurl},
@@ -54,7 +53,10 @@ sub getconfig () { #{{{
},
"plugin=s@" => sub {
push @{$config{plugin}}, $_[1];
- }
+ },
+ "disable-plugin=s@" => sub {
+ $config{plugin}=[grep { $_ ne $_[1] } @{$config{plugin}} ];
+ },
) || usage();
if (! $config{setup}) {