fix backport
authorJoey Hess <joey@kodama.kitenet.net>
Sun, 10 Feb 2008 18:55:34 +0000 (13:55 -0500)
committerJoey Hess <joey@kodama.kitenet.net>
Sun, 10 Feb 2008 18:55:34 +0000 (13:55 -0500)
IkiWiki/Plugin/htmlscrubber.pm
debian/changelog
t/htmlize.t

index c4a0d60af9e63c46cad83a5754233b26018ee003..60ad17baf224ef4cdbd56d87b4ee717770a6625d 100644 (file)
@@ -53,7 +53,7 @@ sub scrubber { #{{{
                        span strike strong sub sup table tbody td textarea
                        tfoot th thead tr tt u ul var
                }],
-               default => [undef, { map { $_ => 1 } qw{
+               default => [undef, { map { $_ => 1 } qw{
                        abbr accept accept-charset accesskey
                        align alt axis border cellpadding cellspacing
                        char charoff charset checked cite class
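Review bot: The `)` added in the following hunk at `} ),` has no matching `(` on the new `default => [undef, { map { $_ => 1 } qw{` line, which as shown here is textually identical to the line it replaces. If the change on this line really is whitespace only, the hash constructor is unbalanced and the module will not compile; the intended line is presumably `default => [undef, { ( map { $_ => 1 } qw{`. The grouping matters for what the scrubber enforces: without it, `map` consumes every remaining list element, so the `href`, `src` and `action` keys would be set to 1 rather than to `$link`. sub scrubber begins and ends outside this hunk.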
@@ -66,7 +66,8 @@ sub scrubber { #{{{
                        selected shape size span start summary
                        tabindex target title type usemap valign
                        value vspace width
-               }, "/" => 1, # emit proper <hr /> XHTML
+               } ),
+               "/" => 1, # emit proper <hr /> XHTML
                href => $link,
                src => $link,
                action => $link,
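Review bot: Missing comment: nothing at `} ),` says why the map has to end before the `"/"`, `href`, `src` and `action` entries, so a later tidy-up could fold them back into the map's argument list. I would add, on the line above `} ),`, `# end the map here: the entries below must keep their own values ($link), not become => 1`. The hash literal and sub scrubber continue outside this hunk.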
index 4776e146186434e649ab3d84bae65c34711174da..7dd7a2a29101cbb61f1727ee2a5a27903cc4c731 100644 (file)
@@ -1,6 +1,6 @@
-ikiwiki (1.33.4) testing-proposed-updates; urgency=medium
+ikiwiki (1.33.4) stable-security; urgency=high
 
-  * htmlscrubber security fix: Block javascript in uris.
+  * htmlscrubber security fix: Block javascript in uris. Closes: #465110
   * Add htmlscrubber test suite.
 
  -- Joey Hess <joeyh@debian.org>  Sun, 10 Feb 2008 13:34:28 -0500
index edf357010a0b551b58f895908cfd1858bc9e5f95..0be94ab6b91e69a9106ef76a133fabc8baf6c75a 100755 (executable)
@@ -58,13 +58,17 @@ ok(gotcha(q{<img src="javascript.png?GOTCHA">}), "not javascript");
 ok(gotcha(q{<a href="javascript.png?GOTCHA">foo</a>}), "not javascript");
 is(IkiWiki::htmlize("foo", "mdwn",
        q{<img alt="foo" src="foo.gif">}),
-       q{<img alt="foo" src="foo.gif">}, "img with alt tag allowed");
+       q{<p><img alt="foo" src="foo.gif"></p>
+}, "img with alt tag allowed");
 is(IkiWiki::htmlize("foo", "mdwn",
        q{<a href="http://google.com/">}),
-       q{<a href="http://google.com/">}, "absolute url allowed");
+       q{<p><a href="http://google.com/"></p>
+}, "absolute url allowed");
 is(IkiWiki::htmlize("foo", "mdwn",
        q{<a href="foo.html">}),
-       q{<a href="foo.html">}, "relative url allowed");
+       q{<p><a href="foo.html"></p>
+}, "relative url allowed");
 is(IkiWiki::htmlize("foo", "mdwn",
        q{<span class="foo">bar</span>}),
-       q{<span class="foo">bar</span>}, "class attribute allowed");
+       q{<p><span class="foo">bar</span></p>
+}, "class attribute allowed");
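Review bot: The cases in this hunk exercise `href` and `src`, but `action`, which the scrubber also routes through `$link`, has no case here. If the rest of t/htmlize.t does not cover it, a check in the style of the existing ones would pin that rule, e.g. `ok(!gotcha(q{<form action="javascript:GOTCHA">}), "form action javascript URI");`. This assumes `gotcha` returns true when the marker survives scrubbing; its definition is outside this hunk and should be checked. The updated expectations also rely on the markdown pass wrapping the input in `<p>…</p>` plus a trailing newline, and a one-line comment saying so would explain the multi-line `q{}` strings.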