]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/htmlscrubber.pm
table: Support header=column to make the table header be the first column of the...
[git.ikiwiki.info.git] / IkiWiki / Plugin / htmlscrubber.pm
index 8804daf56985fd458ddfb4f598c5c6364cf69443..923907b047b8657e03857c91a500df5eb18911c5 100644 (file)
@@ -10,30 +10,39 @@ use IkiWiki 2.00;
 our $safe_url_regexp;
 
 sub import { #{{{
+       hook(type => "getsetup", id => "htmlscrubber", call => \&getsetup);
        hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);
 
        # Only known uri schemes are allowed to avoid all the ways of
        # embedding javascrpt.
        # List at http://en.wikipedia.org/wiki/URI_scheme
-       my $uri_schemes=join("|",
+       my $uri_schemes=join("|", map quotemeta,
                # IANA registered schemes
                "http", "https", "ftp", "mailto", "file", "telnet", "gopher",
                "aaa", "aaas", "acap",  "cap", "cid", "crid", 
                "dav", "dict", "dns", "fax", "go", "h323", "im", "imap",
                "ldap", "mid", "news", "nfs", "nntp", "pop", "pres",
                "sip", "sips", "snmp", "tel", "urn", "wais", "xmpp",
-               "z39\.50r", "z39\.50s",
+               "z39.50r", "z39.50s",
                # Selected unofficial schemes
                "aim", "callto", "cvs", "ed2k", "feed", "fish", "gg",
                "irc", "ircs", "lastfm", "ldaps", "magnet", "mms",
                "msnim", "notes", "rsync", "secondlife", "skype", "ssh",
-               "sftp", "sms", "webcal", "ymsgr",
+               "sftp", "smb", "sms", "snews", "webcal", "ymsgr",
        );
        # data is a special case. Allow data:image/*, but
        # disallow data:text/javascript and everything else.
-       $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+$)/i;
+       $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+(?:$|\/))/i;
 } # }}}
 
+sub getsetup () { #{{{
+       return
+               plugin => {
+                       safe => 1,
+                       rebuild => undef,
+               },
+} #}}}
+
 sub sanitize (@) { #{{{
        my %params=@_;
        return scrubber()->scrub($params{content});