X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/7351d545d96df3c1359312b1a5b79530fa6ab4fd..e566e9b20ef914e128dd783cd1a5f807f701636c:/IkiWiki/Plugin/htmlscrubber.pm

diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm
index 7398c8478..a58a27d52 100644
--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -3,13 +3,13 @@ package IkiWiki::Plugin::htmlscrubber;
 
 use warnings;
 use strict;
-use IkiWiki 2.00;
+use IkiWiki 3.00;
 
 # This regexp matches urls that are in a known safe scheme.
 # Feel free to use it from other plugins.
 our $safe_url_regexp;
 
-sub import { #{{{
+sub import {
 	hook(type => "getsetup", id => "htmlscrubber", call => \&getsetup);
 	hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);
 
@@ -30,16 +30,17 @@ sub import { #{{{
 		"msnim", "notes", "rsync", "secondlife", "skype", "ssh",
 		"sftp", "smb", "sms", "snews", "webcal", "ymsgr",
 	);
-	# data is a special case. Allow data:image/*, but
-	# disallow data:text/javascript and everything else.
-	$safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+(?:$|\/))/i;
-} # }}}
+	# data is a special case. Allow a few data:image/ types,
+	# but disallow data:text/javascript and everything else.
+	$safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/(?:png|jpeg|gif)|[^:]+(?:$|[\/\?#]))|^#/i;
+}
 
-sub getsetup () { #{{{
+sub getsetup () {
 	return
 		plugin => {
 			safe => 1,
 			rebuild => undef,
+			section => "core",
 		},
 		htmlscrubber_skip => {
 			type => "pagespec",
@@ -49,29 +50,29 @@ sub getsetup () { #{{{
 			safe => 1,
 			rebuild => undef,
 		},
-} #}}}
+}
 
-sub sanitize (@) { #{{{
+sub sanitize (@) {
 	my %params=@_;
 
 	if (exists $config{htmlscrubber_skip} &&
 	    length $config{htmlscrubber_skip} &&
-	    exists $params{destpage} &&
-	    pagespec_match($params{destpage}, $config{htmlscrubber_skip})) {
+	    exists $params{page} &&
+	    pagespec_match($params{page}, $config{htmlscrubber_skip})) {
 		return $params{content};
 	}
 
 	return scrubber()->scrub($params{content});
-} # }}}
+}
 
 my $_scrubber;
-sub scrubber { #{{{
+sub scrubber {
 	return $_scrubber if defined $_scrubber;
 
 	eval q{use HTML::Scrubber};
 	error($@) if $@;
 	# Lists based on http://feedparser.org/docs/html-sanitization.html
-	# With html 5 video and audio tags added.
+	# With html5 tags added.
 	$_scrubber = HTML::Scrubber->new(
 		allow => [qw{
 			a abbr acronym address area b big blockquote br br/
@@ -81,7 +82,10 @@ sub scrubber { #{{{
 			menu ol optgroup option p p/ pre q s samp select small
 			span strike strong sub sup table tbody td textarea
 			tfoot th thead tr tt u ul var
-			video audio
+
+			video audio source section nav article aside hgroup
+			header footer figure figcaption time mark canvas
+			datalist progress meter ruby rt rp details summary
 		}],
 		default => [undef, { (
 			map { $_ => 1 } qw{
@@ -97,13 +101,19 @@ sub scrubber { #{{{
 				selected shape size span start summary
 				tabindex target title type valign
 				value vspace width
-				autoplay loopstart loopend end
-				playcount controls 
+
+				autofocus autoplay preload loopstart
+				loopend end playcount controls pubdate
+				placeholder min max step low high optimum
+				form required autocomplete novalidate pattern
+				list formenctype formmethod formnovalidate
+				formtarget reversed spellcheck open hidden
 			} ),
 			"/" => 1, # emit proper <hr /> XHTML
 			href => $safe_url_regexp,
 			src => $safe_url_regexp,
 			action => $safe_url_regexp,
+			formaction => $safe_url_regexp,
 			cite => $safe_url_regexp,
 			longdesc => $safe_url_regexp,
 			poster => $safe_url_regexp,
@@ -111,6 +121,6 @@ sub scrubber { #{{{
 		}],
 	);
 	return $_scrubber;
-} # }}}
+}
 
 1