]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/htmlscrubber.pm
Put newly aggregated pages in the transient underlay
[git.ikiwiki.info.git] / IkiWiki / Plugin / htmlscrubber.pm
index 923907b047b8657e03857c91a500df5eb18911c5..a58a27d5221acc50e932057b9fabaffcf38c7b97 100644 (file)
@@ -3,13 +3,13 @@ package IkiWiki::Plugin::htmlscrubber;
 
 use warnings;
 use strict;
-use IkiWiki 2.00;
+use IkiWiki 3.00;
 
 # This regexp matches urls that are in a known safe scheme.
 # Feel free to use it from other plugins.
 our $safe_url_regexp;
 
-sub import { #{{{
+sub import {
        hook(type => "getsetup", id => "htmlscrubber", call => \&getsetup);
        hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);
 
@@ -30,32 +30,49 @@ sub import { #{{{
                "msnim", "notes", "rsync", "secondlife", "skype", "ssh",
                "sftp", "smb", "sms", "snews", "webcal", "ymsgr",
        );
-       # data is a special case. Allow data:image/*, but
-       # disallow data:text/javascript and everything else.
-       $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+(?:$|\/))/i;
-} # }}}
+       # data is a special case. Allow a few data:image/ types,
+       # but disallow data:text/javascript and everything else.
+       $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/(?:png|jpeg|gif)|[^:]+(?:$|[\/\?#]))|^#/i;
+}
 
-sub getsetup () { #{{{
+sub getsetup () {
        return
                plugin => {
                        safe => 1,
                        rebuild => undef,
+                       section => "core",
                },
-} #}}}
+               htmlscrubber_skip => {
+                       type => "pagespec",
+                       example => "!*/Discussion",
+                       description => "PageSpec specifying pages not to scrub",
+                       link => "ikiwiki/PageSpec",
+                       safe => 1,
+                       rebuild => undef,
+               },
+}
 
-sub sanitize (@) { #{{{
+sub sanitize (@) {
        my %params=@_;
+
+       if (exists $config{htmlscrubber_skip} &&
+           length $config{htmlscrubber_skip} &&
+           exists $params{page} &&
+           pagespec_match($params{page}, $config{htmlscrubber_skip})) {
+               return $params{content};
+       }
+
        return scrubber()->scrub($params{content});
-} # }}}
+}
 
 my $_scrubber;
-sub scrubber { #{{{
+sub scrubber {
        return $_scrubber if defined $_scrubber;
 
        eval q{use HTML::Scrubber};
        error($@) if $@;
        # Lists based on http://feedparser.org/docs/html-sanitization.html
-       # With html 5 video and audio tags added.
+       # With html5 tags added.
        $_scrubber = HTML::Scrubber->new(
                allow => [qw{
                        a abbr acronym address area b big blockquote br br/
@@ -65,7 +82,10 @@ sub scrubber { #{{{
                        menu ol optgroup option p p/ pre q s samp select small
                        span strike strong sub sup table tbody td textarea
                        tfoot th thead tr tt u ul var
-                       video audio
+
+                       video audio source section nav article aside hgroup
+                       header footer figure figcaption time mark canvas
+                       datalist progress meter ruby rt rp details summary
                }],
                default => [undef, { (
                        map { $_ => 1 } qw{
@@ -81,13 +101,19 @@ sub scrubber { #{{{
                                selected shape size span start summary
                                tabindex target title type valign
                                value vspace width
-                               autoplay loopstart loopend end
-                               playcount controls 
+
+                               autofocus autoplay preload loopstart
+                               loopend end playcount controls pubdate
+                               placeholder min max step low high optimum
+                               form required autocomplete novalidate pattern
+                               list formenctype formmethod formnovalidate
+                               formtarget reversed spellcheck open hidden
                        } ),
                        "/" => 1, # emit proper <hr /> XHTML
                        href => $safe_url_regexp,
                        src => $safe_url_regexp,
                        action => $safe_url_regexp,
+                       formaction => $safe_url_regexp,
                        cite => $safe_url_regexp,
                        longdesc => $safe_url_regexp,
                        poster => $safe_url_regexp,
@@ -95,6 +121,6 @@ sub scrubber { #{{{
                }],
        );
        return $_scrubber;
-} # }}}
+}
 
 1