]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/commitdiff
* Add embed plugin, which allows embedding content from google maps, video,
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Thu, 23 Aug 2007 20:14:08 +0000 (20:14 +0000)
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Thu, 23 Aug 2007 20:14:08 +0000 (20:14 +0000)
  calendar, and youtube. Normally, the htmlsanitiser eats these since they
  use unsafe tags, the embed plugin overrides it for trusted sites.
* The googlecalendar plugin is now deprecated, and will be removed
  eventually. Please switch to using the embed plugin.

IkiWiki/Plugin/embed.pm [new file with mode: 0644]
debian/changelog
doc/plugins/embed.mdwn [new file with mode: 0644]
doc/plugins/googlecalendar.mdwn

diff --git a/IkiWiki/Plugin/embed.pm b/IkiWiki/Plugin/embed.pm
new file mode 100644 (file)
index 0000000..4fc91d9
--- /dev/null
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+package IkiWiki::Plugin::embed;
+
+use warnings;
+use strict;
+use IkiWiki 2.00;
+
+my $attribr=qr/[^<>"]+/;
+
+# regexp matching known-safe html
+my $safehtml=qr{(
+       # google maps
+       <\s*iframe\s+width="\d+"\s+height="\d+"\s+frameborder="$attribr"\s+
+       scrolling="$attribr"\s+marginheight="\d+"\s+marginwidth="\d+"\s+
+       src="http://maps.google.com/\?$attribr"\s*>\s*</iframe>
+
+       |
+
+       # youtube
+       <\s*object\s+width="\d+"\s+height="\d+"\s*>\s*
+       <\s*param\s+name="movie"\s+value="http://www.youtube.com/v/$attribr"\s*>\s*
+       </param>\s*
+       <\s*param\s+name="wmode"\s+value="transparent"\s*>\s*</param>\s*
+       <embed\s+src="http://www.youtube.com/v/$attribr"\s+
+       type="application/x-shockwave-flash"\s+wmode="transparent"\s+
+       width="\d+"\s+height="\d+"\s*>\s*</embed>\s*</object>
+
+       |
+
+       # google video
+       <\s*embed\s+style="\s*width:\d+px;\s+height:\d+px;\s*"\s+id="$attribr"\s+
+       type="application/x-shockwave-flash"\s+
+       src="http://video.google.com/googleplayer.swf\?$attribr"\s+
+       flashvars=""\s*>\s*</embed>
+
+       |
+
+       # google calendar
+       <\s*iframe\s+src="http://www.google.com/calendar/embed\?src=$attribr"\s+
+       style="\s*border-width:\d+\s*"\s+width="\d+"\s+frameborder="\d+"\s*
+       height="\d+"\s*>\s*</iframe>
+)}sx;
+
+my @embedded;
+
+sub import { #{{{
+       hook(type => "filter", id => "embed", call => \&filter);
+} # }}}
+
+sub embed ($) { #{{{
+       hook(type => "format", id => "embed", call => \&format) unless @embedded;
+       push @embedded, shift;
+       return "<div class=\"embed$#embedded\"></div>";
+} #}}}
+
+sub filter (@) { #{{{
+       my %params=@_;
+       $params{content} =~ s/$safehtml/embed($1)/eg;
+       return $params{content};
+} # }}}
+
+sub format (@) { #{{{
+        my %params=@_;
+       $params{content} =~ s/<div class="embed(\d+)"><\/div>/$embedded[$1]/eg;
+        return $params{content};
+} # }}}
+
+1
index 2ec096ee6c57719585097af1137bfe309504255c..b057e7c56c9fd9d5050dfe64413af6b3aa0445a3 100644 (file)
@@ -52,8 +52,13 @@ ikiwiki (2.6) UNRELEASED; urgency=low
   * Call decode_form_utf8 before running formbuilder_setup hooks.
   * Add editdiff plugin contributed by Jeremie Koenig.
   * Fix it to not leak path info.
+  * Add embed plugin, which allows embedding content from google maps, video,
+    calendar, and youtube. Normally, the htmlsanitiser eats these since they
+    use unsafe tags, the embed plugin overrides it for trusted sites.
+  * The googlecalendar plugin is now deprecated, and will be removed
+    eventually. Please switch to using the embed plugin.
 
- -- Joey Hess <joeyh@debian.org>  Wed, 22 Aug 2007 16:56:22 -0400
+ -- Joey Hess <joeyh@debian.org>  Thu, 23 Aug 2007 14:08:46 -0400
 
 ikiwiki (2.5) unstable; urgency=low
 
diff --git a/doc/plugins/embed.mdwn b/doc/plugins/embed.mdwn
new file mode 100644 (file)
index 0000000..ba327da
--- /dev/null
@@ -0,0 +1,45 @@
+[[template id=plugin name=embed author="[[Joey]]"]]
+[[tag type/html]]
+
+This plugin allows embedding content from external sites on 
+wiki pages.
+
+Normally, the [[htmlscrubber]] does not allow the tags that are used for
+embedding content from external sites, since `<iframe>`, `<embed>`, and
+`<object>` tags can be used for various sorts of attacks. This plugin
+allows such tags to be put on a page, if they look like they are safe.
+
+In the examples below, the parts of the html that you can change are denoted
+with "XXX"; everything else must appear exactly as shown to be accepted by the
+plugin.
+
+## google maps
+
+Use html like this to embed a map:
+
+       <iframe width="XXX" height="XXX" frameborder="XXX" scrolling="XXXX" marginheight="XXXX" marginwidth="XXXX" src="http://maps.google.com/?XXX"></iframe>
+
+(This method only allows embeddeding a simple map. To use the full
+[Google Maps API](http://www.google.com/apis/maps/) from ikiwiki, including
+drawing points and GPS tracks on the map, try the [[contrib/googlemaps]]
+plugin.)
+
+## youtube
+
+Use html like this to embed a video:
+
+       <object width="XXX" height="XXX"><param name="movie" value="http://www.youtube.com/v/XXX"></param><param name="wmode" value="transparent"></param>
+       <embed src="http://www.youtube.com/v/XXX" type="application/x-shockwave-flash" wmode="transparent" width="XXX" height="XXX"></embed></object>
+
+## google video
+
+Use html like this to embed a video:
+
+       <embed style="width:XXXpx; height:XXXpx;" id="XXX" type="application/x-shockwave-flash" src="http://video.google.com/googleplayer.swf?XXX" flashvars=""></embed>
+
+## google calendar
+
+Use html like this to embed a calendar:
+
+       <iframe src="http://www.google.com/calendar/embed?XXX" style="border-width:XXX" width="XXX" frameborder="XXX" height="XXX"></iframe>
+
index 940918078a284c00a767be021237bcf187b5c54f..6d7429d146fa31c8704ea280bb4a00e35cbd04da 100644 (file)
@@ -1,6 +1,8 @@
 [[template id=plugin name=googlecalendar author="[[Joey]]"]]
 [[tag type/special-purpose]]
 
+*Note*: This plugin is deprecated. Please switch to the [[embed]] plugin.
+
 This plugin allows embedding a google calendar iframe in the wiki.
 Normally, if the [[htmlscrubber]] is enabled, such iframes are scrubbed out
 of the wiki content since they're not very safe if created by malicious