and --disable-plugin htmlscrubber.
diffurl => '',
anonok => 0,
rss => 0,
- sanitize => 1,
rebuild => 0,
refresh => 0,
getctime => 0,
setup => undef,
adminuser => undef,
adminemail => undef,
- plugin => [qw{inline}],
+ plugin => [qw{inline htmlscrubber}],
headercontent => '',
} #}}}
--- /dev/null
+#!/usr/bin/perl
+package IkiWiki::Plugin::htmlscrubber;
+
+use warnings;
+use strict;
+use IkiWiki;
+
+sub import { #{{{
+ IkiWiki::hook(type => "sanitize", id => "htmlscrubber",
+ call => \&sanitize);
+} # }}}
+
+sub sanitize ($) { #{{{
+ return scrubber()->scrub(shift);
+} # }}}
+
+my $_scrubber;
+sub scrubber { #{{{
+ return $_scrubber if defined $_scrubber;
+
+ eval q{use HTML::Scrubber};
+ # Lists based on http://feedparser.org/docs/html-sanitization.html
+ $_scrubber = HTML::Scrubber->new(
+ allow => [qw{
+ a abbr acronym address area b big blockquote br
+ button caption center cite code col colgroup dd del
+ dfn dir div dl dt em fieldset font form h1 h2 h3 h4
+ h5 h6 hr i img input ins kbd label legend li map
+ menu ol optgroup option p pre q s samp select small
+ span strike strong sub sup table tbody td textarea
+ tfoot th thead tr tt u ul var
+ }],
+ default => [undef, { map { $_ => 1 } qw{
+ abbr accept accept-charset accesskey action
+ align alt axis border cellpadding cellspacing
+ char charoff charset checked cite class
+ clear cols colspan color compact coords
+ datetime dir disabled enctype for frame
+ headers height href hreflang hspace id ismap
+ label lang longdesc maxlength media method
+ multiple name nohref noshade nowrap prompt
+ readonly rel rev rows rowspan rules scope
+ selected shape size span src start summary
+ tabindex target title type usemap valign
+ value vspace width
+ }}],
+ );
+ return $_scrubber;
+} # }}}
+
+1
call => \&preprocess);
IkiWiki::hook(type => "filter", id => "skeleton",
call => \&filter);
+ IkiWiki::hook(type => "sanitize", id => "skeleton",
+ call => \&sanitize);
IkiWiki::hook(type => "delete", id => "skeleton",
call => \&delete);
IkiWiki::hook(type => "change", id => "skeleton",
return "skeleton plugin result";
} # }}}
-sub filter ($) { #{{{
- my $content=shift;
+sub filter (@) { #{{{
+ my %params=@_;
IkiWiki::debug("skeleton plugin running as filter");
+ return $params{content};
+} # }}}
+
+sub sanitize ($) { #{{{
+ my $content=shift;
+
+ IkiWiki::debug("skeleton plugin running as a sanitizer");
+
return $content;
} # }}}
return $content;
} #}}}
-my $_scrubber;
-sub scrubber { #{{{
- return $_scrubber if defined $_scrubber;
-
- eval q{use HTML::Scrubber};
- # Lists based on http://feedparser.org/docs/html-sanitization.html
- $_scrubber = HTML::Scrubber->new(
- allow => [qw{
- a abbr acronym address area b big blockquote br
- button caption center cite code col colgroup dd del
- dfn dir div dl dt em fieldset font form h1 h2 h3 h4
- h5 h6 hr i img input ins kbd label legend li map
- menu ol optgroup option p pre q s samp select small
- span strike strong sub sup table tbody td textarea
- tfoot th thead tr tt u ul var
- }],
- default => [undef, { map { $_ => 1 } qw{
- abbr accept accept-charset accesskey action
- align alt axis border cellpadding cellspacing
- char charoff charset checked cite class
- clear cols colspan color compact coords
- datetime dir disabled enctype for frame
- headers height href hreflang hspace id ismap
- label lang longdesc maxlength media method
- multiple name nohref noshade nowrap prompt
- readonly rel rev rows rowspan rules scope
- selected shape size span src start summary
- tabindex target title type usemap valign
- value vspace width
- }}],
- );
- return $_scrubber;
-} # }}}
-
sub htmlize ($$) { #{{{
my $type=shift;
my $content=shift;
error("htmlization of $type not supported");
}
- if ($config{sanitize}) {
- $content=scrubber()->scrub($content);
+ if (exists $hooks{sanitize}) {
+ foreach my $id (keys %{$hooks{sanitize}}) {
+ $content=$hooks{sanitize}{$id}{call}->($content);
+ }
}
return $content;
search plugin, by passing --plugin=search or through the plugin setting in
the config file.
+ The --sanitize and --no-sanitize switches are also gone, replaced with the
+ htmlscrubber plugin. This plugin is enabled by default, to disable it,
+ use --disable-plugin=htmlscrubber, or modify the plugin setting in the
+ config file.
+
You will need to rebuild your wiki when upgrading to this version.
If you listed your wiki in /etc/ikiwiki/wikilist this will be done
automatically.
* Copied in some smileys from Moin Moin.
* Allow links of the form [[some page|page]], with whitespace in the link
text.
+ * Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber
+ and --disable-plugin htmlscrubber.
- -- Joey Hess <joeyh@debian.org> Fri, 5 May 2006 00:14:53 -0400
+ -- Joey Hess <joeyh@debian.org> Fri, 5 May 2006 01:28:19 -0400
ikiwiki (1.0) unstable; urgency=low
+++ /dev/null
-When run with the `--sanitize` switch, which is turned on by default (see
-[[usage]]), ikiwiki sanitizes the html on pages it renders to avoid XSS
-attacks and the like.
-
-ikiwiki excludes all html tags and attributes except for those that are
-whitelisted using the same lists as used by Mark Pilgrim's Universal Feed
-Parser, documented at <http://feedparser.org/docs/html-sanitization.html>.
-Notably it strips `style`, `link`, and the `style` attribute.
-
-ikiwiki uses the HTML::Scrubber perl module to perform its html
-sanitisation, and this perl module also deals with various entity encoding
-tricks.
-
-While I believe that this makes ikiwiki as resistant to malicious html
-content as anything else on the web, I cannot guarantee that it will
-actually protect every user of every browser from every browser security
-hole, badly designed feature, etc. I can provide NO WARRANTY, like it says
-in ikiwiki's [GPL](GPL) license.
-
-The web's security model is *fundamentally broken*; ikiwiki's html
-sanitisation is only a patch on the underlying gaping hole that is your web
-browser.
-
-----
-
-Some examples of embedded javascript that won't be let through.
-
-* <span style="background: url(javascript:window.location='http://example.org/')">test</span>
-* <span style="any: expression(window.location='http://example.org/')">test</span>
-* <span style="any: expression(window.location='http://example.org/')">test</span>
#anonok => 1,
# Generate rss feeds for pages?
rss => 1,
- # Sanitize html?
- sanitize => 1,
# To change the enabled plugins, edit this list
- #plugin => [qw{pagecount inline brokenlinks hyperestraier smiley}],
+ #plugin => [qw{pagecount inline brokenlinks hyperestraier smiley
+ # htmlscrubber}],
}
-ikiwiki's main outstanding security hole, lack of [[HtmlSanitization]] has
-now been addressed. ikiwiki now sanitizes html by default.
+ikiwiki's main outstanding security hole, lack of html sanitization, has
+now been addressed. ikiwiki now sanitizes html by default, using the
+[[plugins/htmlscrubber]] plugin.
If only trusted parties can edit your wiki's content, then you might want
to turn this sanitization back off to allow use of potentially dangerous
-tags. To do so, pass --no-sanitize or set "sanitize => 0," in your
-[[ikiwiki.setup]].
+tags. To do so, pass --disable-plugin=sanitize or edit the plugins
+configuration in your [[ikiwiki.setup]].
There's documentation if you want to [[write]] your own plugins, or you can install and use plugins contributed by others.
The ikiwiki package includes some standard plugins that are installed and
-by default. These include [[inline]], [[pagecount]], [[brokenlinks]],
-[[search]], [[smiley]], and even [[haiku]].
-Of these, [[inline]] is enabled by default.
+by default. These include [[inline]], [[htmlscrubber]], [[pagecount]],
+[[brokenlinks]], [[search]], [[smiley]], and even [[haiku]].
+Of these, [[inline]] and [[htmlscrubber]] are enabled by default.
To enable other plugins, use the `--plugin` switch described in [[usage]],
or the equivalent line in [[ikiwiki.setup]].
--- /dev/null
+This plugin is enabled by default. It sanitizes the html on pages it renders
+to avoid XSS attacks and the like.
+
+It excludes all html tags and attributes except for those that are
+whitelisted using the same lists as used by Mark Pilgrim's Universal Feed
+Parser, documented at <http://feedparser.org/docs/html-sanitization.html>.
+Notably it strips `style`, `link`, and the `style` attribute.
+
+It uses the HTML::Scrubber perl module to perform its html
+sanitisation, and this perl module also deals with various entity encoding
+tricks.
+
+While I believe that this makes ikiwiki as resistant to malicious html
+content as anything else on the web, I cannot guarantee that it will
+actually protect every user of every browser from every browser security
+hole, badly designed feature, etc. I can provide NO WARRANTY, like it says
+in ikiwiki's [GPL](GPL) license.
+
+The web's security model is *fundamentally broken*; ikiwiki's html
+sanitisation is only a patch on the underlying gaping hole that is your web
+browser.
+
+----
+
+Some examples of embedded javascript that won't be let through when this
+plugin is active:
+
+* <span style="background: url(javascript:window.location='http://example.org/')">test</span>
+* <span style="any: expression(window.location='http://example.org/')">test</span>
+* <span style="any: expression(window.location='http://example.org/')">test</span>
### Html issues
-Note that if [[HTMLSanitization]] is enabled, html in
+Note that if the [[htmlscrubber]] is enabled, html in
[[PreProcessorDirective]] output is sanitised, which may limit what your
plugin can do. Also, the rest of the page content is not in html format at
preprocessor time. Text output by a preprocessor directive will be passed
Runs on the raw source of a page, before anything else touches it, and can
make arbitrary changes. The function is passed named parameters `page` and
-`content` should return the filtered content.
+`content` and should return the filtered content.
+
+### sanitize
+
+ IkiWiki::hook(type => "filter", id => "foo", call => \&sanitize);
+
+Use this to implement html sanitization or anything else that needs to
+modify the content of a page after it has been fully converted to html.
+The function is passed the page content and should return the sanitized
+content.
### delete
## XSS attacks in page content
-ikiwiki supports [[HtmlSanitization]], though it can be turned off.
+ikiwiki supports protecting users from their own broken browsers via the
+[[plugins/htmlscrubber]] plugin, which is enabled by default.
or something. It's possible that this is a special case of backlinks and
is best implemented by making backlinks a plugin somehow. --[[Joey]]
-* Splitting out html sanitisation should be easy to do.
-
* interwiki links
All the kinds of plugins that blogging software has is also a possibility:
Currently allows locking of any page, other powers may be added later.
May be specified multiple times for multiple admins.
-* --sanitize
-
- Enable [[HtmlSanitization]] of wiki content. On by default, disable with
- --no-sanitize.
-
* --plugin name
Enables the use of the specified plugin in the wiki. See [[plugins]] for
details. Note that plugin names are case sensative.
+* --disable-plugin name
+
+ Disables use of a plugin. For example "--disable-plugin htmlscrubber"
+ to do away with html sanitization.
+
* --verbose
Be vebose about what is being done.
"rss!" => \$config{rss},
"cgi!" => \$config{cgi},
"notify!" => \$config{notify},
- "sanitize!" => \$config{sanitize},
"url=s" => \$config{url},
"cgiurl=s" => \$config{cgiurl},
"historyurl=s" => \$config{historyurl},
},
"plugin=s@" => sub {
push @{$config{plugin}}, $_[1];
- }
+ },
+ "disable-plugin=s@" => sub {
+ $config{plugin}=[grep { $_ ne $_[1] } @{$config{plugin}} ];
+ },
) || usage();
if (! $config{setup}) {