return $content;
} #}}}
+my $_scrubber;
+sub scrubber { #{{{
+ return $_scrubber if defined $_scrubber;
+
+ eval q{use HTML::Scrubber};
+ # Lists based on http://feedparser.org/docs/html-sanitization.html
+ $_scrubber = HTML::Scrubber->new(
+ allow => [qw{
+ a abbr acronym address area b big blockquote br
+ button caption center cite code col colgroup dd del
+ dfn dir div dl dt em fieldset font form h1 h2 h3 h4
+ h5 h6 hr i img input ins kbd label legend li map
+ menu ol optgroup option p pre q s samp select small
+ span strike strong sub sup table tbody td textarea
+ tfoot th thead tr tt u ul var
+ }],
+ default => [undef, { map { $_ => 1 } qw{
+ abbr accept accept-charset accesskey action
+ align alt axis border cellpadding cellspacing
+ char charoff charset checked cite class
+ clear cols colspan color compact coords
+ datetime dir disabled enctype for frame
+ headers height href hreflang hspace id ismap
+ label lang longdesc maxlength media method
+ multiple name nohref noshade nowrap prompt
+ readonly rel rev rows rowspan rules scope
+ selected shape size span src start summary
+ tabindex target title type usemap valign
+ value vspace width
+ }}],
+ );
+ return $_scrubber;
+} # }}}
+
sub htmlize ($$) { #{{{
my $type=shift;
my $content=shift;
}
if ($type eq '.mdwn') {
- return Markdown::Markdown($content);
+ $content=Markdown::Markdown($content);
}
else {
error("htmlization of $type not supported");
}
+
+ if ($config{sanitize}) {
+ $content=scrubber()->scrub($content);
+ }
+
+ return $content;
} #}}}
sub backlinks ($) { #{{{
my $command=shift;
my $params=shift;
if (length $escape) {
- "[[$command $params]]";
+ return "[[$command $params]]";
}
elsif (exists $commands{$command}) {
my %params;
while ($params =~ /(\w+)=\"([^"]+)"(\s+|$)/g) {
$params{$1}=$2;
}
- $commands{$command}->($page, %params);
+ return $commands{$command}->($page, %params);
}
else {
- "[[bad directive $command]]";
+ return "[[bad directive $command]]";
}
};
if (! exists $params{show} && $params{archive} eq "no") {
$params{show}=10;
}
- $inlinepages{$parentpage}=$params{pages};
+ if (! exists $depends{$parentpage}) {
+ $depends{$parentpage}=$params{pages};
+ }
+ else {
+ $depends{$parentpage}.=" ".$params{pages};
+ }
my $ret="";
if (exists $params{rootpage}) {
+ # Add a blog post form, with a rss link button.
my $formtemplate=HTML::Template->new(blind_cache => 1,
filename => "$config{templatedir}/blogpost.tmpl");
$formtemplate->param(cgiurl => $config{cgiurl});
$formtemplate->param(rootpage => $params{rootpage});
- my $form=$formtemplate->output;
- $ret.=$form;
+ if ($config{rss}) {
+ $formtemplate->param(rssurl => rsspage(basename($parentpage)));
+ }
+ $ret.=$formtemplate->output;
+ }
+ elsif ($config{rss}) {
+ # Add a rss link button.
+ my $linktemplate=HTML::Template->new(blind_cache => 1,
+ filename => "$config{templatedir}/rsslink.tmpl");
+ $linktemplate->param(rssurl => rsspage(basename($parentpage)));
+ $ret.=$linktemplate->output;
}
my $template=HTML::Template->new(blind_cache => 1,
$template->param(hyperestraierurl => cgiurl());
}
- if ($config{rss} && $inlinepages{$page}) {
- $template->param(rssurl => rsspage(basename($page)));
- }
-
$template->param(
title => $title,
wikiname => $config{wikiname},
my $page=pagename($file);
$links{$page}=[findlinks($content, $page)];
- delete $inlinepages{$page};
+ delete $depends{$page};
$content=linkify($content, $page);
$content=preprocess($page, $content);
}
# Handle backlinks; if a page has added/removed links, update the
- # pages it links to. Also handle inlining here.
+ # pages it links to. Also handles rebuilding dependat pages.
# TODO: inefficient; pages may get rendered above and again here;
# problem is the backlinks could be wrong in the first pass render
# above
if (%rendered || @del) {
foreach my $f (@files) {
my $p=pagename($f);
- if (exists $inlinepages{$p}) {
+ if (exists $depends{$p}) {
foreach my $file (keys %rendered, @del) {
my $page=pagename($file);
- if (globlist_match($page, $inlinepages{$p})) {
- debug("rendering $f, which inlines $page");
+ if (globlist_match($page, $depends{$p})) {
+ debug("rendering $f, which depends on $page");
render($f);
$rendered{$f}=1;
last;