Also filter the attributes cite, longdesc, and usemap, which can contain URIs

diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm
index 897a398bae7cfe1d87b1b1b618857a407afa10f7..8136bdadce567c6ae21432755d73b4d0b9a01a73 100644 (file)
--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -58,15 +58,15 @@ sub scrubber { #{{{
                        map { $_ => 1 } qw{
                                abbr accept accept-charset accesskey
                                align alt axis border cellpadding cellspacing
                        map { $_ => 1 } qw{
                                abbr accept accept-charset accesskey
                                align alt axis border cellpadding cellspacing

-                               char charoff charset checked cite class
+                               char charoff charset checked class

                                clear cols colspan color compact coords
                                datetime dir disabled enctype for frame
                                headers height hreflang hspace id ismap
                                clear cols colspan color compact coords
                                datetime dir disabled enctype for frame
                                headers height hreflang hspace id ismap

-                               label lang longdesc maxlength media method
+                               label lang maxlength media method

                                multiple name nohref noshade nowrap prompt
                                readonly rel rev rows rowspan rules scope
                                selected shape size span start summary
                                multiple name nohref noshade nowrap prompt
                                readonly rel rev rows rowspan rules scope
                                selected shape size span start summary

-                               tabindex target title type usemap valign
+                               tabindex target title type valign

                                value vspace width
                                autoplay loopstart loopend end
                                playcount controls 
                                value vspace width
                                autoplay loopstart loopend end
                                playcount controls 


@@ -75,7 +75,10 @@ sub scrubber { #{{{
                        href => $link,
                        src => $link,
                        action => $link,
                        href => $link,
                        src => $link,
                        action => $link,

+                       cite => $link,
+                       longdesc => $link,

                        poster => $link,
                        poster => $link,

+                       usemap => $link,

                }],
        );
        return $_scrubber;
                }],
        );
        return $_scrubber;

diff --git a/debian/changelog b/debian/changelog
index 35dd1b6f181507c99b18ed8a312b59947d3d98f9..de58d2d7db5ef8e5b46fb261a29d38606b7b0196 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,8 +4,10 @@ ikiwiki (2.32.3) UNRELEASED; urgency=low
     URIs like a limited version of data: URIs.  In particular, some
     versions of Internet Explorer interpret arbitrary HTML content in
     about: URIs.
     URIs like a limited version of data: URIs.  In particular, some
     versions of Internet Explorer interpret arbitrary HTML content in
     about: URIs.

+  * Also filter the attributes cite, longdesc, and usemap, which can contain
+    URIs.

 
 

- -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:18:58 -0800
+ -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:59:00 -0800

 
 ikiwiki (2.31.2) unstable; urgency=high
 
 
 ikiwiki (2.31.2) unstable; urgency=high