ugly bug

[git.ikiwiki.info.git] / IkiWiki / Plugin / htmlscrubber.pm
diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm

index 7398c84784632048c41eab1976436578a8bf7027..8475181780db55cfd1b0e0846f277e44fa87e156 100644 (file)
--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -3,13 +3,13 @@ package IkiWiki::Plugin::htmlscrubber;
  
  use warnings;
  use strict;
  
  use warnings;
  use strict;
-use IkiWiki 2.00;
+use IkiWiki 3.00;
  
  # This regexp matches urls that are in a known safe scheme.
  # Feel free to use it from other plugins.
  our $safe_url_regexp;
  
  
  # This regexp matches urls that are in a known safe scheme.
  # Feel free to use it from other plugins.
  our $safe_url_regexp;
  
-sub import { #{{{
+sub import {
         hook(type => "getsetup", id => "htmlscrubber", call => \&getsetup);
         hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);
  
         hook(type => "getsetup", id => "htmlscrubber", call => \&getsetup);
         hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);
  
@@ -30,16 +30,17 @@ sub import { #{{{
                 "msnim", "notes", "rsync", "secondlife", "skype", "ssh",
                 "sftp", "smb", "sms", "snews", "webcal", "ymsgr",
         );
                 "msnim", "notes", "rsync", "secondlife", "skype", "ssh",
                 "sftp", "smb", "sms", "snews", "webcal", "ymsgr",
         );
-       # data is a special case. Allow data:image/*, but
-       # disallow data:text/javascript and everything else.
-       $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+(?:$|\/))/i;
-} # }}}
+       # data is a special case. Allow a few data:image/ types,
+       # but disallow data:text/javascript and everything else.
+       $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/(?:png|jpeg|gif)|[^:]+(?:$|[\/\?]))/i;
+}
  
  
-sub getsetup () { #{{{
+sub getsetup () {
         return
                 plugin => {
                         safe => 1,
                         rebuild => undef,
         return
                 plugin => {
                         safe => 1,
                         rebuild => undef,
+                       section => "core",
                 },
                 htmlscrubber_skip => {
                         type => "pagespec",
                 },
                 htmlscrubber_skip => {
                         type => "pagespec",
@@ -49,9 +50,9 @@ sub getsetup () { #{{{
                         safe => 1,
                         rebuild => undef,
                 },
                         safe => 1,
                         rebuild => undef,
                 },
-} #}}}
+}
  
  
-sub sanitize (@) { #{{{
+sub sanitize (@) {
         my %params=@_;
  
         if (exists $config{htmlscrubber_skip} &&
         my %params=@_;
  
         if (exists $config{htmlscrubber_skip} &&
@@ -62,16 +63,16 @@ sub sanitize (@) { #{{{
         }
  
         return scrubber()->scrub($params{content});
         }
  
         return scrubber()->scrub($params{content});
-} # }}}
+}
  
  my $_scrubber;
  
  my $_scrubber;
-sub scrubber { #{{{
+sub scrubber {
         return $_scrubber if defined $_scrubber;
  
         eval q{use HTML::Scrubber};
         error($@) if $@;
         # Lists based on http://feedparser.org/docs/html-sanitization.html
         return $_scrubber if defined $_scrubber;
  
         eval q{use HTML::Scrubber};
         error($@) if $@;
         # Lists based on http://feedparser.org/docs/html-sanitization.html
-       # With html 5 video and audio tags added.
+       # With html5 tags added.
         $_scrubber = HTML::Scrubber->new(
                 allow => [qw{
                         a abbr acronym address area b big blockquote br br/
         $_scrubber = HTML::Scrubber->new(
                 allow => [qw{
                         a abbr acronym address area b big blockquote br br/
@@ -81,7 +82,10 @@ sub scrubber { #{{{
                         menu ol optgroup option p p/ pre q s samp select small
                         span strike strong sub sup table tbody td textarea
                         tfoot th thead tr tt u ul var
                         menu ol optgroup option p p/ pre q s samp select small
                         span strike strong sub sup table tbody td textarea
                         tfoot th thead tr tt u ul var
-                       video audio
+
+                       video audio source section nav article aside hgroup
+                       header footer figure figcaption time mark canvas
+                       datalist progress meter ruby rt rp details summary
                 }],
                 default => [undef, { (
                         map { $_ => 1 } qw{
                 }],
                 default => [undef, { (
                         map { $_ => 1 } qw{
@@ -97,13 +101,19 @@ sub scrubber { #{{{
                                 selected shape size span start summary
                                 tabindex target title type valign
                                 value vspace width
                                 selected shape size span start summary
                                 tabindex target title type valign
                                 value vspace width
-                               autoplay loopstart loopend end
-                               playcount controls 
+
+                               autofocus autoplay preload loopstart
+                               loopend end playcount controls pubdate
+                               placeholder min max step low high optimum
+                               form required autocomplete novalidate pattern
+                               list formenctype formmethod formnovalidate
+                               formtarget reversed spellcheck open hidden
                         } ),
                         "/" => 1, # emit proper <hr /> XHTML
                         href => $safe_url_regexp,
                         src => $safe_url_regexp,
                         action => $safe_url_regexp,
                         } ),
                         "/" => 1, # emit proper <hr /> XHTML
                         href => $safe_url_regexp,
                         src => $safe_url_regexp,
                         action => $safe_url_regexp,
+                       formaction => $safe_url_regexp,
                         cite => $safe_url_regexp,
                         longdesc => $safe_url_regexp,
                         poster => $safe_url_regexp,
                         cite => $safe_url_regexp,
                         longdesc => $safe_url_regexp,
                         poster => $safe_url_regexp,
@@ -111,6 +121,6 @@ sub scrubber { #{{{
                 }],
         );
         return $_scrubber;
                 }],
         );
         return $_scrubber;
-} # }}}
+}
  
  1
  
  1