);
# data is a special case. Allow a few data:image/ types,
# but disallow data:text/javascript and everything else.
- $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/(?:png|jpeg|gif)|[^:]+(?:$|[\/\?]))/i;
+ $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/(?:png|jpeg|gif)|[^:]+(?:$|[\/\?#]))|^#/i;
}
sub getsetup () {
if (exists $config{htmlscrubber_skip} &&
length $config{htmlscrubber_skip} &&
- exists $params{destpage} &&
- pagespec_match($params{destpage}, $config{htmlscrubber_skip})) {
+ exists $params{page} &&
+ pagespec_match($params{page}, $config{htmlscrubber_skip})) {
return $params{content};
}
placeholder min max step low high optimum
form required autocomplete novalidate pattern
list formenctype formmethod formnovalidate
- formtarget reversed spellcheck open
+ formtarget reversed spellcheck open hidden
} ),
"/" => 1, # emit proper <hr /> XHTML
href => $safe_url_regexp,