span strike strong sub sup table tbody td textarea
tfoot th thead tr tt u ul var
}],
- default => [undef, { map { $_ => 1 } qw{
+ default => [undef, { ( map { $_ => 1 } qw{
abbr accept accept-charset accesskey
align alt axis border cellpadding cellspacing
char charoff charset checked cite class
selected shape size span start summary
tabindex target title type usemap valign
value vspace width
- }, "/" => 1, # emit proper <hr /> XHTML
+ } ),
+ "/" => 1, # emit proper <hr /> XHTML
href => $link,
src => $link,
action => $link,
-ikiwiki (1.33.4) testing-proposed-updates; urgency=medium
+ikiwiki (1.33.4) stable-security; urgency=high
- * htmlscrubber security fix: Block javascript in uris.
+ * htmlscrubber security fix: Block javascript in uris. Closes: #465110
* Add htmlscrubber test suite.
-- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 13:34:28 -0500
ok(gotcha(q{<a href="javascript.png?GOTCHA">foo</a>}), "not javascript");
is(IkiWiki::htmlize("foo", "mdwn",
q{<img alt="foo" src="foo.gif">}),
- q{<img alt="foo" src="foo.gif">}, "img with alt tag allowed");
+ q{<p><img alt="foo" src="foo.gif"></p>
+}, "img with alt tag allowed");
is(IkiWiki::htmlize("foo", "mdwn",
q{<a href="http://google.com/">}),
- q{<a href="http://google.com/">}, "absolute url allowed");
+ q{<p><a href="http://google.com/"></p>
+}, "absolute url allowed");
is(IkiWiki::htmlize("foo", "mdwn",
q{<a href="foo.html">}),
- q{<a href="foo.html">}, "relative url allowed");
+ q{<p><a href="foo.html"></p>
+}, "relative url allowed");
is(IkiWiki::htmlize("foo", "mdwn",
q{<span class="foo">bar</span>}),
- q{<span class="foo">bar</span>}, "class attribute allowed");
+ q{<p><span class="foo">bar</span></p>
+}, "class attribute allowed");