]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/meta.pm
HTML-escape error messages (OVE-20160505-0012)
[git.ikiwiki.info.git] / IkiWiki / Plugin / meta.pm
index ad6d1a8e338895685be79486c5b4dac95f9c21b9..e7b96bdf142f47e221e321b4ecb8ce68ab4989f8 100644 (file)
@@ -107,12 +107,12 @@ sub preprocess (@) {
                # fallthrough
        }
        elsif ($key eq 'license') {
                # fallthrough
        }
        elsif ($key eq 'license') {
-               push @{$metaheaders{$page}}, '<link rel="license" href="#page_license" />';
+               push @{$metaheaders{$page}}, '<link rel="license" href="#pagelicense" />';
                $pagestate{$page}{meta}{license}=$value;
                return "";
        }
        elsif ($key eq 'copyright') {
                $pagestate{$page}{meta}{license}=$value;
                return "";
        }
        elsif ($key eq 'copyright') {
-               push @{$metaheaders{$page}}, '<link rel="copyright" href="#page_copyright" />';
+               push @{$metaheaders{$page}}, '<link rel="copyright" href="#pagecopyright" />';
                $pagestate{$page}{meta}{copyright}=$value;
                return "";
        }
                $pagestate{$page}{meta}{copyright}=$value;
                return "";
        }
@@ -121,6 +121,18 @@ sub preprocess (@) {
                add_link($page, $value);
                return "";
        }
                add_link($page, $value);
                return "";
        }
+       elsif ($key eq 'enclosure') {
+               my $link=bestlink($page, $value);
+               if (! length $link) {
+                       error gettext("enclosure not found")
+               }
+               add_depends($page, $link, deptype("presence"));
+
+               $value=urlto($link, $page, 1);
+               $pagestate{$page}{meta}{enclosure}=$value;
+               $pagestate{$page}{meta}{enclosurefile}=$link;
+               # fallthrough
+       }
        elsif ($key eq 'author') {
                $pagestate{$page}{meta}{author}=$value;
                if (exists $params{sortas}) {
        elsif ($key eq 'author') {
                $pagestate{$page}{meta}{author}=$value;
                if (exists $params{sortas}) {
@@ -174,10 +186,21 @@ sub preprocess (@) {
                if (! length $stylesheet) {
                        error gettext("stylesheet not found")
                }
                if (! length $stylesheet) {
                        error gettext("stylesheet not found")
                }
-               push @{$metaheaders{$page}}, '<link href="'.urlto($stylesheet, $page).
+               push @{$metaheaders{$page}}, scrub('<link href="'.urlto($stylesheet, $page).
                        '" rel="'.encode_entities($rel).
                        '" title="'.encode_entities($title).
                        '" rel="'.encode_entities($rel).
                        '" title="'.encode_entities($title).
-                       "\" type=\"text/css\" />";
+                       "\" type=\"text/css\" />", $page, $destpage);
+       }
+       elsif ($key eq 'script') {
+               my $defer=exists $params{defer} ? ' defer="defer"' : '';
+               my $async=exists $params{async} ? ' async="async"' : '';
+               my $js=bestlink($page, $value.".js");
+               if (! length $js) {
+                       error gettext("script not found");
+               }
+               push @{$metaheaders{$page}}, scrub('<script src="'.urlto($js, $page).
+                       '"' . $defer . $async . ' type="text/javascript"></script>',
+                       $page, $destpage);
        }
        elsif ($key eq 'openid') {
                my $delegate=0; # both by default
        }
        elsif ($key eq 'openid') {
                my $delegate=0; # both by default
@@ -206,6 +229,13 @@ sub preprocess (@) {
                                'content="'.encode_entities($url).'" />';
                }
        }
                                'content="'.encode_entities($url).'" />';
                }
        }
+       elsif ($key eq 'foaf') {
+               if (safeurl($value)) {
+                       push @{$metaheaders{$page}}, '<link rel="meta" '.
+                               'type="application/rdf+xml" title="FOAF" '.
+                               'href="'.encode_entities($value).'" />';
+               }
+       }
        elsif ($key eq 'redir') {
                return "" if $page ne $destpage;
                my $safe=0;
        elsif ($key eq 'redir') {
                return "" if $page ne $destpage;
                my $safe=0;
@@ -257,17 +287,23 @@ sub preprocess (@) {
                push @{$metaheaders{$page}}, '<meta name="robots"'.
                        ' content="'.encode_entities($value).'" />';
        }
                push @{$metaheaders{$page}}, '<meta name="robots"'.
                        ' content="'.encode_entities($value).'" />';
        }
-       elsif ($key eq 'description') {
-               push @{$metaheaders{$page}}, '<meta name="'.
-                       encode_entities($key).
+       elsif ($key eq 'description' || $key eq 'author') {
+               push @{$metaheaders{$page}}, '<meta name="'.$key.
                        '" content="'.encode_entities($value).'" />';
        }
        elsif ($key eq 'name') {
                        '" content="'.encode_entities($value).'" />';
        }
        elsif ($key eq 'name') {
-               push @{$metaheaders{$page}}, scrub('<meta '.$key.'="'.
+               push @{$metaheaders{$page}}, scrub('<meta name="'.
                        encode_entities($value).
                        join(' ', map { "$_=\"$params{$_}\"" } keys %params).
                        ' />', $page, $destpage);
        }
                        encode_entities($value).
                        join(' ', map { "$_=\"$params{$_}\"" } keys %params).
                        ' />', $page, $destpage);
        }
+       elsif ($key eq 'keywords') {
+               # Make sure the keyword string is safe: only allow alphanumeric
+               # characters, space and comma and strip the rest.
+               $value =~ s/[^[:alnum:], ]+//g;
+               push @{$metaheaders{$page}}, '<meta name="keywords"'.
+                       ' content="'.encode_entities($value).'" />';
+       }
        else {
                push @{$metaheaders{$page}}, scrub('<meta name="'.
                        encode_entities($key).'" content="'.
        else {
                push @{$metaheaders{$page}}, scrub('<meta name="'.
                        encode_entities($key).'" content="'.
@@ -289,21 +325,30 @@ sub pagetemplate (@) {
                $template->param(meta => join("\n", grep { (! $seen{$_}) && ($seen{$_}=1) } @{$metaheaders{$page}}));
        }
        if (exists $pagestate{$page}{meta}{title} && $template->query(name => "title")) {
                $template->param(meta => join("\n", grep { (! $seen{$_}) && ($seen{$_}=1) } @{$metaheaders{$page}}));
        }
        if (exists $pagestate{$page}{meta}{title} && $template->query(name => "title")) {
+               eval q{use HTML::Entities};
                $template->param(title => HTML::Entities::encode_numeric($pagestate{$page}{meta}{title}));
                $template->param(title_overridden => 1);
        }
 
                $template->param(title => HTML::Entities::encode_numeric($pagestate{$page}{meta}{title}));
                $template->param(title_overridden => 1);
        }
 
-       foreach my $field (qw{author authorurl permalink}) {
-               $template->param($field => $pagestate{$page}{meta}{$field})
+       if (exists $pagestate{$page}{meta}{enclosure}) {
+               $template->param(enclosure => HTML::Entities::encode_entities(IkiWiki::urlabs($pagestate{$page}{meta}{enclosure}, $config{url})));
+       }
+
+       foreach my $field (qw{authorurl}) {
+               eval q{use HTML::Entities};
+               $template->param($field => HTML::Entities::encode_entities($pagestate{$page}{meta}{$field}))
                        if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
        }
 
        foreach my $field (qw{permalink}) {
                        if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
        }
 
        foreach my $field (qw{permalink}) {
-               $template->param($field => IkiWiki::urlabs($pagestate{$page}{meta}{$field}, $config{url}))
-                       if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
+               if (exists $pagestate{$page}{meta}{$field} && $template->query(name => $field)) {
+                       eval q{use HTML::Entities};
+                       $template->param($field => HTML::Entities::encode_entities(IkiWiki::urlabs($pagestate{$page}{meta}{$field}, $config{url})));
+               }
        }
 
        }
 
-       foreach my $field (qw{description}) {
+       foreach my $field (qw{description author}) {
+               eval q{use HTML::Entities};
                $template->param($field => HTML::Entities::encode_numeric($pagestate{$page}{meta}{$field}))
                        if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
        }
                $template->param($field => HTML::Entities::encode_numeric($pagestate{$page}{meta}{$field}))
                        if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
        }