]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/htmlscrubber.pm
403 response may be a "not found" too
[git.ikiwiki.info.git] / IkiWiki / Plugin / htmlscrubber.pm
index 8136bdadce567c6ae21432755d73b4d0b9a01a73..a249cdf7a43b2986b5ca519f88c01cc6fcf85141 100644 (file)
@@ -3,25 +3,20 @@ package IkiWiki::Plugin::htmlscrubber;
 
 use warnings;
 use strict;
-use IkiWiki 2.00;
+use IkiWiki 3.00;
 
-sub import { #{{{
-       hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);
-} # }}}
+# This regexp matches urls that are in a known safe scheme.
+# Feel free to use it from other plugins.
+our $safe_url_regexp;
 
-sub sanitize (@) { #{{{
-       my %params=@_;
-       return scrubber()->scrub($params{content});
-} # }}}
+sub import {
+       hook(type => "getsetup", id => "htmlscrubber", call => \&getsetup);
+       hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);
 
-my $_scrubber;
-sub scrubber { #{{{
-       return $_scrubber if defined $_scrubber;
-       
        # Only known uri schemes are allowed to avoid all the ways of
        # embedding javascrpt.
        # List at http://en.wikipedia.org/wiki/URI_scheme
-       my $uri_schemes=join("|",
+       my $uri_schemes=join("|", map quotemeta,
                # IANA registered schemes
                "http", "https", "ftp", "mailto", "file", "telnet", "gopher",
                "aaa", "aaas", "acap",  "cap", "cid", "crid", 
@@ -33,11 +28,45 @@ sub scrubber { #{{{
                "aim", "callto", "cvs", "ed2k", "feed", "fish", "gg",
                "irc", "ircs", "lastfm", "ldaps", "magnet", "mms",
                "msnim", "notes", "rsync", "secondlife", "skype", "ssh",
-               "sftp", "sms", "steam", "webcal", "ymsgr",
+               "sftp", "smb", "sms", "snews", "webcal", "ymsgr",
        );
        # data is a special case. Allow data:image/*, but
        # disallow data:text/javascript and everything else.
-       my $link=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+$)/i;
+       $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+(?:$|\/))/i;
+}
+
+sub getsetup () {
+       return
+               plugin => {
+                       safe => 1,
+                       rebuild => undef,
+               },
+               htmlscrubber_skip => {
+                       type => "pagespec",
+                       example => "!*/Discussion",
+                       description => "PageSpec specifying pages not to scrub",
+                       link => "ikiwiki/PageSpec",
+                       safe => 1,
+                       rebuild => undef,
+               },
+}
+
+sub sanitize (@) {
+       my %params=@_;
+
+       if (exists $config{htmlscrubber_skip} &&
+           length $config{htmlscrubber_skip} &&
+           exists $params{destpage} &&
+           pagespec_match($params{destpage}, $config{htmlscrubber_skip})) {
+               return $params{content};
+       }
+
+       return scrubber()->scrub($params{content});
+}
+
+my $_scrubber;
+sub scrubber {
+       return $_scrubber if defined $_scrubber;
 
        eval q{use HTML::Scrubber};
        error($@) if $@;
@@ -72,16 +101,16 @@ sub scrubber { #{{{
                                playcount controls 
                        } ),
                        "/" => 1, # emit proper <hr /> XHTML
-                       href => $link,
-                       src => $link,
-                       action => $link,
-                       cite => $link,
-                       longdesc => $link,
-                       poster => $link,
-                       usemap => $link,
+                       href => $safe_url_regexp,
+                       src => $safe_url_regexp,
+                       action => $safe_url_regexp,
+                       cite => $safe_url_regexp,
+                       longdesc => $safe_url_regexp,
+                       poster => $safe_url_regexp,
+                       usemap => $safe_url_regexp,
                }],
        );
        return $_scrubber;
-} # }}}
+}
 
 1