Also filter the attributes cite, longdesc, and usemap, which can contain URIs

diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm
index 897a398bae7cfe1d87b1b1b618857a407afa10f7..8136bdadce567c6ae21432755d73b4d0b9a01a73 100644 (file)
--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -58,15 +58,15 @@ sub scrubber { #{{{
                        map { $_ => 1 } qw{
                                abbr accept accept-charset accesskey
                                align alt axis border cellpadding cellspacing
                        map { $_ => 1 } qw{
                                abbr accept accept-charset accesskey
                                align alt axis border cellpadding cellspacing

-                               char charoff charset checked cite class
+                               char charoff charset checked class

                                clear cols colspan color compact coords
                                datetime dir disabled enctype for frame
                                headers height hreflang hspace id ismap
                                clear cols colspan color compact coords
                                datetime dir disabled enctype for frame
                                headers height hreflang hspace id ismap

-                               label lang longdesc maxlength media method
+                               label lang maxlength media method

                                multiple name nohref noshade nowrap prompt
                                readonly rel rev rows rowspan rules scope
                                selected shape size span start summary
                                multiple name nohref noshade nowrap prompt
                                readonly rel rev rows rowspan rules scope
                                selected shape size span start summary

-                               tabindex target title type usemap valign
+                               tabindex target title type valign

                                value vspace width
                                autoplay loopstart loopend end
                                playcount controls 
                                value vspace width
                                autoplay loopstart loopend end
                                playcount controls 


@@ -75,7 +75,10 @@ sub scrubber { #{{{
                        href => $link,
                        src => $link,
                        action => $link,
                        href => $link,
                        src => $link,
                        action => $link,

+                       cite => $link,
+                       longdesc => $link,

                        poster => $link,
                        poster => $link,

+                       usemap => $link,

                }],
        );
        return $_scrubber;
                }],
        );
        return $_scrubber;

diff --git a/debian/changelog b/debian/changelog
index 36da7c0bf8333d40f1609c0423326fdca6ab8e10..1b4b70d8c74749cad9d06b67988b76ba9d47f145 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,8 +15,10 @@ ikiwiki (2.31.3) unstable; urgency=high
     URIs like a limited version of data: URIs.  In particular, some
     versions of Internet Explorer interpret arbitrary HTML content in
     about: URIs.
     URIs like a limited version of data: URIs.  In particular, some
     versions of Internet Explorer interpret arbitrary HTML content in
     about: URIs.

+  * Also filter the attributes cite, longdesc, and usemap, which can contain
+    URIs.

 
 

- -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:18:58 -0800
+ -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:59:00 -0800

 
 ikiwiki (2.31.2) unstable; urgency=high
 
 
 ikiwiki (2.31.2) unstable; urgency=high