From: Josh Triplett <josh@freedesktop.org>
Date: Sun, 10 Feb 2008 21:59:37 +0000 (-0800)
Subject: Also filter the attributes cite, longdesc, and usemap, which can contain URIs
X-Git-Tag: 2.40~124
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/d20e24b636c512fb47b2ca42a0677a3bab4d3fcb

Also filter the attributes cite, longdesc, and usemap, which can contain URIs
---

diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm
index 897a398ba..8136bdadc 100644
--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -58,15 +58,15 @@ sub scrubber { #{{{
 			map { $_ => 1 } qw{
 				abbr accept accept-charset accesskey
 				align alt axis border cellpadding cellspacing
-				char charoff charset checked cite class
+				char charoff charset checked class
 				clear cols colspan color compact coords
 				datetime dir disabled enctype for frame
 				headers height hreflang hspace id ismap
-				label lang longdesc maxlength media method
+				label lang maxlength media method
 				multiple name nohref noshade nowrap prompt
 				readonly rel rev rows rowspan rules scope
 				selected shape size span start summary
-				tabindex target title type usemap valign
+				tabindex target title type valign
 				value vspace width
 				autoplay loopstart loopend end
 				playcount controls 
@@ -75,7 +75,10 @@ sub scrubber { #{{{
 			href => $link,
 			src => $link,
 			action => $link,
+			cite => $link,
+			longdesc => $link,
 			poster => $link,
+			usemap => $link,
 		}],
 	);
 	return $_scrubber;
diff --git a/debian/changelog b/debian/changelog
index 36da7c0bf..1b4b70d8c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,8 +15,10 @@ ikiwiki (2.31.3) unstable; urgency=high
     URIs like a limited version of data: URIs.  In particular, some
     versions of Internet Explorer interpret arbitrary HTML content in
     about: URIs.
+  * Also filter the attributes cite, longdesc, and usemap, which can contain
+    URIs.
 
- -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:18:58 -0800
+ -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:59:00 -0800
 
 ikiwiki (2.31.2) unstable; urgency=high