* Add embed plugin, which allows embedding content from google maps, video,
calendar, and youtube. Normally, the htmlsanitiser eats these since they use unsafe tags, the embed plugin overrides it for trusted sites. * The googlecalendar plugin is now deprecated, and will be removed eventually. Please switch to using the embed plugin.master
parent
1c033e5d14
commit
27d029113f
|
@ -0,0 +1,68 @@
|
||||||
|
#!/usr/bin/perl
|
||||||
|
package IkiWiki::Plugin::embed;
|
||||||
|
|
||||||
|
use warnings;
|
||||||
|
use strict;
|
||||||
|
use IkiWiki 2.00;
|
||||||
|
|
||||||
|
my $attribr=qr/[^<>"]+/;
|
||||||
|
|
||||||
|
# regexp matching known-safe html
|
||||||
|
my $safehtml=qr{(
|
||||||
|
# google maps
|
||||||
|
<\s*iframe\s+width="\d+"\s+height="\d+"\s+frameborder="$attribr"\s+
|
||||||
|
scrolling="$attribr"\s+marginheight="\d+"\s+marginwidth="\d+"\s+
|
||||||
|
src="http://maps.google.com/\?$attribr"\s*>\s*</iframe>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
||||||
|
# youtube
|
||||||
|
<\s*object\s+width="\d+"\s+height="\d+"\s*>\s*
|
||||||
|
<\s*param\s+name="movie"\s+value="http://www.youtube.com/v/$attribr"\s*>\s*
|
||||||
|
</param>\s*
|
||||||
|
<\s*param\s+name="wmode"\s+value="transparent"\s*>\s*</param>\s*
|
||||||
|
<embed\s+src="http://www.youtube.com/v/$attribr"\s+
|
||||||
|
type="application/x-shockwave-flash"\s+wmode="transparent"\s+
|
||||||
|
width="\d+"\s+height="\d+"\s*>\s*</embed>\s*</object>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
||||||
|
# google video
|
||||||
|
<\s*embed\s+style="\s*width:\d+px;\s+height:\d+px;\s*"\s+id="$attribr"\s+
|
||||||
|
type="application/x-shockwave-flash"\s+
|
||||||
|
src="http://video.google.com/googleplayer.swf\?$attribr"\s+
|
||||||
|
flashvars=""\s*>\s*</embed>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
||||||
|
# google calendar
|
||||||
|
<\s*iframe\s+src="http://www.google.com/calendar/embed\?src=$attribr"\s+
|
||||||
|
style="\s*border-width:\d+\s*"\s+width="\d+"\s+frameborder="\d+"\s*
|
||||||
|
height="\d+"\s*>\s*</iframe>
|
||||||
|
)}sx;
|
||||||
|
|
||||||
|
my @embedded;
|
||||||
|
|
||||||
|
sub import { #{{{
|
||||||
|
hook(type => "filter", id => "embed", call => \&filter);
|
||||||
|
} # }}}
|
||||||
|
|
||||||
|
sub embed ($) { #{{{
|
||||||
|
hook(type => "format", id => "embed", call => \&format) unless @embedded;
|
||||||
|
push @embedded, shift;
|
||||||
|
return "<div class=\"embed$#embedded\"></div>";
|
||||||
|
} #}}}
|
||||||
|
|
||||||
|
sub filter (@) { #{{{
|
||||||
|
my %params=@_;
|
||||||
|
$params{content} =~ s/$safehtml/embed($1)/eg;
|
||||||
|
return $params{content};
|
||||||
|
} # }}}
|
||||||
|
|
||||||
|
sub format (@) { #{{{
|
||||||
|
my %params=@_;
|
||||||
|
$params{content} =~ s/<div class="embed(\d+)"><\/div>/$embedded[$1]/eg;
|
||||||
|
return $params{content};
|
||||||
|
} # }}}
|
||||||
|
|
||||||
|
1
|
|
@ -52,8 +52,13 @@ ikiwiki (2.6) UNRELEASED; urgency=low
|
||||||
* Call decode_form_utf8 before running formbuilder_setup hooks.
|
* Call decode_form_utf8 before running formbuilder_setup hooks.
|
||||||
* Add editdiff plugin contributed by Jeremie Koenig.
|
* Add editdiff plugin contributed by Jeremie Koenig.
|
||||||
* Fix it to not leak path info.
|
* Fix it to not leak path info.
|
||||||
|
* Add embed plugin, which allows embedding content from google maps, video,
|
||||||
|
calendar, and youtube. Normally, the htmlsanitiser eats these since they
|
||||||
|
use unsafe tags, the embed plugin overrides it for trusted sites.
|
||||||
|
* The googlecalendar plugin is now deprecated, and will be removed
|
||||||
|
eventually. Please switch to using the embed plugin.
|
||||||
|
|
||||||
-- Joey Hess <joeyh@debian.org> Wed, 22 Aug 2007 16:56:22 -0400
|
-- Joey Hess <joeyh@debian.org> Thu, 23 Aug 2007 14:08:46 -0400
|
||||||
|
|
||||||
ikiwiki (2.5) unstable; urgency=low
|
ikiwiki (2.5) unstable; urgency=low
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
[[template id=plugin name=embed author="[[Joey]]"]]
|
||||||
|
[[tag type/html]]
|
||||||
|
|
||||||
|
This plugin allows embedding content from external sites on
|
||||||
|
wiki pages.
|
||||||
|
|
||||||
|
Normally, the [[htmlscrubber]] does not allow the tags that are used for
|
||||||
|
embedding content from external sites, since `<iframe>`, `<embed>`, and
|
||||||
|
`<object>` tags can be used for various sorts of attacks. This plugin
|
||||||
|
allows such tags to be put on a page, if they look like they are safe.
|
||||||
|
|
||||||
|
In the examples below, the parts of the html that you can change are denoted
|
||||||
|
with "XXX"; everything else must appear exactly as shown to be accepted by the
|
||||||
|
plugin.
|
||||||
|
|
||||||
|
## google maps
|
||||||
|
|
||||||
|
Use html like this to embed a map:
|
||||||
|
|
||||||
|
<iframe width="XXX" height="XXX" frameborder="XXX" scrolling="XXXX" marginheight="XXXX" marginwidth="XXXX" src="http://maps.google.com/?XXX"></iframe>
|
||||||
|
|
||||||
|
(This method only allows embeddeding a simple map. To use the full
|
||||||
|
[Google Maps API](http://www.google.com/apis/maps/) from ikiwiki, including
|
||||||
|
drawing points and GPS tracks on the map, try the [[contrib/googlemaps]]
|
||||||
|
plugin.)
|
||||||
|
|
||||||
|
## youtube
|
||||||
|
|
||||||
|
Use html like this to embed a video:
|
||||||
|
|
||||||
|
<object width="XXX" height="XXX"><param name="movie" value="http://www.youtube.com/v/XXX"></param><param name="wmode" value="transparent"></param>
|
||||||
|
<embed src="http://www.youtube.com/v/XXX" type="application/x-shockwave-flash" wmode="transparent" width="XXX" height="XXX"></embed></object>
|
||||||
|
|
||||||
|
## google video
|
||||||
|
|
||||||
|
Use html like this to embed a video:
|
||||||
|
|
||||||
|
<embed style="width:XXXpx; height:XXXpx;" id="XXX" type="application/x-shockwave-flash" src="http://video.google.com/googleplayer.swf?XXX" flashvars=""></embed>
|
||||||
|
|
||||||
|
## google calendar
|
||||||
|
|
||||||
|
Use html like this to embed a calendar:
|
||||||
|
|
||||||
|
<iframe src="http://www.google.com/calendar/embed?XXX" style="border-width:XXX" width="XXX" frameborder="XXX" height="XXX"></iframe>
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
[[template id=plugin name=googlecalendar author="[[Joey]]"]]
|
[[template id=plugin name=googlecalendar author="[[Joey]]"]]
|
||||||
[[tag type/special-purpose]]
|
[[tag type/special-purpose]]
|
||||||
|
|
||||||
|
*Note*: This plugin is deprecated. Please switch to the [[embed]] plugin.
|
||||||
|
|
||||||
This plugin allows embedding a google calendar iframe in the wiki.
|
This plugin allows embedding a google calendar iframe in the wiki.
|
||||||
Normally, if the [[htmlscrubber]] is enabled, such iframes are scrubbed out
|
Normally, if the [[htmlscrubber]] is enabled, such iframes are scrubbed out
|
||||||
of the wiki content since they're not very safe if created by malicious
|
of the wiki content since they're not very safe if created by malicious
|
||||||
|
|
Loading…
Reference in New Issue