blob: 30f9f7d0a1909f4323c641edc8a811ffbe017606 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
Here is a patch [[tag patch]] to add a *forward*ing functionality
to the [[`meta`_plugin|plugins/meta]].
Find the most recent version at
<http://www.schwinge.homeip.net/~thomas/tmp/meta_forward.patch>.
I can't use `scrub(...)`, as that will strip out the forwarding HTML command.
How to deal with that?
I can also submit a Git patch, if desired.
# Syntax
**URL** = http://some.nice/place/ (*etc.*)
**WHITHER** = \[\[**[[wikilink]]**]] | **URL**
**D** = natural number (*meaning seconds*)
**OPT_DELAY** = delay=**D** | empty (*immediatelly*)
\[[meta forward="**WHITHER**" **OPT_DELAY**]]
# Extensions and Ideas
It might be doable to add references to pages that refer to the page containg
the forwarding statement also to the referred-to page.
--[[tschwinge]]
> The html scrubber cannot scrub meta headers. So if you emit one
> containing user-supplied data, it's up to you to scrub it to avoid all
> possible XSS attacks. Two attacks I'd worry about are cyclic meta refresh
> loops, which some, but not all web browsers detect and break, and any way
> to insert javascript via the user-supplied parameters. (Ie, putting
> something in the delay value that closes the tag can probably insert
> javascript ATM; and are there ways to embed javascript in the url?)
> --[[Joey]]
>> OK. I can add code to make sure that `$delay` **D** indeed is a natural number
>> and that the passed target address **WHITHER** is nothing but a valid target address.
>> (How to qualify a valid target address?)
>> What is a *cyclic meta refresh loop*? Two pages in turn forwarding to each other?
>> I think it would be possible to implement such a guard when only in-wiki links
>> ([[wikilink]]s) are being used, but how to do so for external links? --[[tschwinge]]
|