- $body =~ s/\[\[([^!])/[[$1/g unless $allow_wikilinks;
- $body =~ s/\[\[!/[[!/g unless $allow_directives;
+ unless ($allow_directives) {
+ # don't allow new-style directives at all
+ $body =~ s/(^|[^\\])\[\[!/$1\\[[!/g;
+
+ # don't allow [[ unless it begins an old-style
+ # wikilink, if prefix_directives is off
+ $body =~ s/(^|[^\\])\[\[(?![^\n\s\]+]\]\])/$1\\[[!/g
+ unless $config{prefix_directives};
+ }
+
+ unless ($allow_html) {
+ $body =~ s/&(\w|#)/&$1/g;
+ $body =~ s/</</g;
+ $body =~ s/>/>/g;
+ }