Also filter the attributes cite, longdesc, and usemap, which can contain URIs

author Josh Triplett <josh@freedesktop.org>

Sun, 10 Feb 2008 21:59:37 +0000 (13:59 -0800)

committer Joey Hess <joey@kodama.kitenet.net>

Sun, 10 Feb 2008 23:50:48 +0000 (18:50 -0500)
author Josh Triplett <josh@freedesktop.org>
Sun, 10 Feb 2008 21:59:37 +0000 (13:59 -0800)
committer Joey Hess <joey@kodama.kitenet.net>
Sun, 10 Feb 2008 23:50:48 +0000 (18:50 -0500)
diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm

index 897a398bae7cfe1d87b1b1b618857a407afa10f7..8136bdadce567c6ae21432755d73b4d0b9a01a73 100644 (file)
--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -58,15 +58,15 @@ sub scrubber { #{{{
                         map { $_ => 1 } qw{
                                 abbr accept accept-charset accesskey
                                 align alt axis border cellpadding cellspacing
-                               char charoff charset checked cite class
+                               char charoff charset checked class
                                 clear cols colspan color compact coords
                                 datetime dir disabled enctype for frame
                                 headers height hreflang hspace id ismap
-                               label lang longdesc maxlength media method
+                               label lang maxlength media method
                                 multiple name nohref noshade nowrap prompt
                                 readonly rel rev rows rowspan rules scope
                                 selected shape size span start summary
-                               tabindex target title type usemap valign
+                               tabindex target title type valign
                                 value vspace width
                                 autoplay loopstart loopend end
                                 playcount controls 
@@ -75,7 +75,10 @@ sub scrubber { #{{{
                         href => $link,
                         src => $link,
                         action => $link,
+                       cite => $link,
+                       longdesc => $link,
                         poster => $link,
+                       usemap => $link,
                 }],
         );
         return $_scrubber;
diff --git a/debian/changelog b/debian/changelog

index 35dd1b6f181507c99b18ed8a312b59947d3d98f9..de58d2d7db5ef8e5b46fb261a29d38606b7b0196 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,8 +4,10 @@ ikiwiki (2.32.3) UNRELEASED; urgency=low
      URIs like a limited version of data: URIs.  In particular, some
      versions of Internet Explorer interpret arbitrary HTML content in
      about: URIs.
+  * Also filter the attributes cite, longdesc, and usemap, which can contain
+    URIs.
  
- -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:18:58 -0800
+ -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:59:00 -0800
  
  ikiwiki (2.31.2) unstable; urgency=high
author	Josh Triplett <josh@freedesktop.org>
	Sun, 10 Feb 2008 21:59:37 +0000 (13:59 -0800)
committer	Joey Hess <joey@kodama.kitenet.net>
	Sun, 10 Feb 2008 23:50:48 +0000 (18:50 -0500)
IkiWiki/Plugin/htmlscrubber.pm		patch \| blob \| history
debian/changelog		patch \| blob \| history