| Commit message (Expand) | Author | Age |
|---|
| * | finalise version 3.00 of the plugin api | Joey Hess | 2008-12-23 |
| * | Coding style change: Remove explcit vim folding markers. | Joey Hess | 2008-12-17 |
| * | htmlscrubber: Add a config setting that can be used to disable the scrubber a... | Joey Hess | 2008-09-26 |
| * | add plugin safe/rebuild info (part 1 of 2)•••too many plugins.. brain exploding..
| Joey Hess | 2008-08-03 |
| * | Allow colons in URLs after the first slash•••A new regexp fixes this bug:
http://ikiwiki.info/bugs/No_link_for_blog_items_when_filename_contains_a_colon/
I traced this down to htmlscrubber. If disabled,
it works. If enabled, then $safe_url_regexp
determines the URL unsafe because of the colon and
hence removes the src attribute.
Digging into this, I find that RFC 3986 pretty
much discourages colons in filenames:
"""
A path segment that contains a colon character
(e.g., "this:that") cannot be used as the first
segment of a relative-path reference, as it would
be mistaken for a scheme name. Such a segment must
be preceded by a dot-segment (e.g., "./this:that")
to make a relative- path reference.
"""
on the other hand, with usedirs, any link to
another page will be prepended by ../ anyway, so
that makes them okay again.
The solution still seems not to use colons.
In any case, htmlscrubber should get a new regexp,
courtesy of dato.
I have tested and verified this.
Signed-off-by: martin f. krafft <madduck@madduck.net>
| Adeodato Simó | 2008-02-29 |
| * | use quotemeta when building the regexp | Joey Hess | 2008-02-10 |
| * | Allow the smb: URI scheme. | Josh Triplett | 2008-02-10 |
| * | Allow the snews: URI scheme. | Josh Triplett | 2008-02-10 |
| * | Do not allow the steam: URI scheme. | Josh Triplett | 2008-02-10 |
| * | Match literal '.' in URI schemas containing '.', rather than matching any cha... | Josh Triplett | 2008-02-10 |
| * | export $safe_url_regexp | Joey Hess | 2008-02-10 |
| * | Also filter the attributes cite, longdesc, and usemap, which can contain URIs | Josh Triplett | 2008-02-10 |
| * | add parens around scheme regexp | Joey Hess | 2008-02-10 |
| * | Do not allow the about: URI scheme•••Some browsers interpret about: URIs like a limited version of data:
URIs. In particular, some versions of Internet Explorer interpret
arbitrary HTML content in about: URIs.
| Josh Triplett | 2008-02-10 |
| * | fix data:image handling | Joey Hess | 2008-02-10 |
| * | * htmlscrubber security fix: Block javascript in uris.•••* Add htmlscrubber test suite.
| Joey Hess | 2008-02-10 |
| * | * htmlscrubber: Further work around #365971 by adding tags for 'br/', 'hr/'••• and 'p/'.
| Joey Hess | 2008-01-07 |
| * | * Allow html5 video and audio tags and their attributes in the htmlscrubber. | Joey Hess | 2007-11-18 |
| * | on second thought, simple alphanumeric styles are not actually useful (class ... | joey | 2007-07-11 |
| * | * Allow simple alphanumeric style attribute values in the htmlscrubber. This••• should be safe from javascript attacks.
| joey | 2007-07-11 |
| * | * pagespec_match() has changed to take named parameters, to better allow••• for extended pagespecs. The old calling convention will still work for
back-compat for now.
* The calling convention for functions in the IkiWiki::PageSpec namespace
has changed so they are passed named parameters.
* Plugin interface version increased to 2.00 since I don't anticipate any
more interface changes before 2.0.
| joey | 2007-04-27 |
| * | * Make sure to check for errors from every eval. | joey | 2006-11-08 |
| * | * Work on firming up the plugin interface:••• - Plugins should not need to load IkiWiki::Render to get commonly
used functions, so moved some functions from there to IkiWiki.
- Picked out the set of functions and variables that most plugins
use, documented them, and made IkiWiki export them by default,
like a proper perl module should.
- Use the other functions at your own risk.
- This is not quite complete, I still have to decide whether to
export some other things.
* Changed all plugins included in ikiwiki to not use "IkiWiki::" when
referring to stuff now exported by the IkiWiki module.
* Anyone with a third-party ikiwiki plugin is strongly enrouraged
to make like changes to it and avoid use of non-exported symboles from
"IkiWiki::".
* Link debian/changelog and debian/news to NEWS and CHANGELOG.
* Support hyperestradier version 1.4.2, which adds a new required phraseform
setting.
| joey | 2006-09-09 |
| * | * Change htmlize, format, and sanitize hooks to use named parameters. | joey | 2006-08-28 |
| * | * Tell HTML::Scrubber to treat "/" as a valid attribute which is its••• very strange way of enabling proper XHTML <br /> type tags. Output html
should be always valid again now.
| joey | 2006-05-25 |
| * | * Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber••• and --disable-plugin htmlscrubber.
| joey | 2006-05-05 |