our $safe_url_regexp;
sub import { #{{{
+ hook(type => "getsetup", id => "htmlscrubber", call => \&getsetup);
hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);
# Only known uri schemes are allowed to avoid all the ways of
);
# data is a special case. Allow data:image/*, but
# disallow data:text/javascript and everything else.
- $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+$)/i;
+ $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+(?:$|\/))/i;
} # }}}
+sub getsetup () { #{{{
+ return
+ plugin => {
+ safe => 1,
+ rebuild => undef,
+ },
+} #}}}
+
sub sanitize (@) { #{{{
my %params=@_;
return scrubber()->scrub($params{content});