X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/80f9a2a0879f74e86b2720ca7d1c88ee165100ea..eb4945a3bc03bf062f59006cbed11b03526cefbb:/IkiWiki/Plugin/htmlscrubber.pm?ds=sidebyside diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm index 0090b67b9..36c012c73 100644 --- a/IkiWiki/Plugin/htmlscrubber.pm +++ b/IkiWiki/Plugin/htmlscrubber.pm @@ -29,10 +29,11 @@ sub import { "irc", "ircs", "lastfm", "ldaps", "magnet", "mms", "msnim", "notes", "rsync", "secondlife", "skype", "ssh", "sftp", "smb", "sms", "snews", "webcal", "ymsgr", + "bitcoin", "git", "svn", "bzr", "darcs", "hg" ); # data is a special case. Allow a few data:image/ types, # but disallow data:text/javascript and everything else. - $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/(?:png|jpeg|gif)|[^:]+(?:$|[\/\?]))/i; + $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/(?:png|jpeg|gif)|[^:]+(?:$|[\/\?#]))|^#/i; } sub getsetup () { @@ -57,8 +58,8 @@ sub sanitize (@) { if (exists $config{htmlscrubber_skip} && length $config{htmlscrubber_skip} && - exists $params{destpage} && - pagespec_match($params{destpage}, $config{htmlscrubber_skip})) { + exists $params{page} && + pagespec_match($params{page}, $config{htmlscrubber_skip})) { return $params{content}; } @@ -85,6 +86,7 @@ sub scrubber { video audio source section nav article aside hgroup header footer figure figcaption time mark canvas + datalist progress meter ruby rt rp details summary }], default => [undef, { ( map { $_ => 1 } qw{ @@ -103,12 +105,16 @@ sub scrubber { autofocus autoplay preload loopstart loopend end playcount controls pubdate - placeholder min max step + placeholder min max step low high optimum + form required autocomplete novalidate pattern + list formenctype formmethod formnovalidate + formtarget reversed spellcheck open hidden } ), "/" => 1, # emit proper
XHTML href => $safe_url_regexp, src => $safe_url_regexp, action => $safe_url_regexp, + formaction => $safe_url_regexp, cite => $safe_url_regexp, longdesc => $safe_url_regexp, poster => $safe_url_regexp,