safe => 1,
rebuild => undef,
},
+ htmlscrubber_skip => {
+ type => "pagespec",
+ example => "!*/Discussion",
+ description => "PageSpec specifying pages not to scrub",
+ link => "ikiwiki/PageSpec",
+ safe => 1,
+ rebuild => undef,
+ },
} #}}}
sub sanitize (@) { #{{{
my %params=@_;
+
+ if (exists $config{htmlscrubber_skip} &&
+ length $config{htmlscrubber_skip} &&
+ exists $params{destpage} &&
+ pagespec_match($params{destpage}, $config{htmlscrubber_skip})) {
+ return $params{content};
+ }
+
return scrubber()->scrub($params{content});
} # }}}
* git: Fix handling of utf-8 filenames in recentchanges.
* tag: Make edit link for new tags ensure that the tags are created
inside tagbase, when it's set.
+ * htmlscrubber: Add a config setting that can be used to disable the
+ scrubber acting on a set of pages.
-- Joey Hess <joeyh@debian.org> Thu, 25 Sep 2008 13:45:55 -0400
other HTML-related functionality, such as whether [[meta]] allows
potentially unsafe HTML tags.
+The `htmlscrubber_skip` configuration setting can be used to skip scrubbing
+of some pages. Set it to a [[PageSpec]], such as "!*/Discussion", and pages
+matching that can have all the evil CSS, JavsScript, and unsafe html
+elements you like. One safe way to use this is to use [[lockedit]] to lock
+those pages, so only admins can edit them.
+
----
Some examples of embedded javascript that won't be let through when this