data:image/svg is a security hole as javascript can presumably be inserted

[git.ikiwiki.info.git] / IkiWiki / Plugin / htmlscrubber.pm

diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm
index 7398c84784632048c41eab1976436578a8bf7027..ee284a45c3e46815f47a9001e1badb45adacdb6c 100644 (file)
--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -3,13 +3,13 @@ package IkiWiki::Plugin::htmlscrubber;
 
 use warnings;
 use strict;
-use IkiWiki 2.00;
+use IkiWiki 3.00;
 
 # This regexp matches urls that are in a known safe scheme.
 # Feel free to use it from other plugins.
 our $safe_url_regexp;
 
-sub import { #{{{
+sub import {
        hook(type => "getsetup", id => "htmlscrubber", call => \&getsetup);
        hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);
 
@@ -33,13 +33,14 @@ sub import { #{{{
        # data is a special case. Allow data:image/*, but
        # disallow data:text/javascript and everything else.
        $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+(?:$|\/))/i;
-} # }}}
+}
 
-sub getsetup () { #{{{
+sub getsetup () {
        return
                plugin => {
                        safe => 1,
                        rebuild => undef,
+                       section => "core",
                },
                htmlscrubber_skip => {
                        type => "pagespec",
@@ -49,9 +50,9 @@ sub getsetup () { #{{{
                        safe => 1,
                        rebuild => undef,
                },
-} #}}}
+}
 
-sub sanitize (@) { #{{{
+sub sanitize (@) {
        my %params=@_;
 
        if (exists $config{htmlscrubber_skip} &&
@@ -62,10 +63,10 @@ sub sanitize (@) { #{{{
        }
 
        return scrubber()->scrub($params{content});
-} # }}}
+}
 
 my $_scrubber;
-sub scrubber { #{{{
+sub scrubber {
        return $_scrubber if defined $_scrubber;
 
        eval q{use HTML::Scrubber};
@@ -111,6 +112,6 @@ sub scrubber { #{{{
                }],
        );
        return $_scrubber;
-} # }}}
+}
 
 1