export $safe_url_regexp

Joey Hess 2008-02-10 17:07:21 -05:00
parent d20e24b636
commit 4bfdbd4858
1 changed files with 22 additions and 18 deletions


@ -5,19 +5,13 @@ use warnings;
use strict;
use IkiWiki 2.00;
# This regexp matches urls that are in a known safe scheme.
# Feel free to use it from other plugins.
our $safe_url_regexp;
sub import { #{{{
hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);
} # }}}
sub sanitize (@) { #{{{
my %params=@_;
return scrubber()->scrub($params{content});
} # }}}
my $_scrubber;
sub scrubber { #{{{
return $_scrubber if defined $_scrubber;
# Only known uri schemes are allowed to avoid all the ways of
# embedding javascrpt.
# List at http://en.wikipedia.org/wiki/URI_scheme
@ -37,7 +31,17 @@ sub scrubber { #{{{
);
# data is a special case. Allow data:image/*, but
# disallow data:text/javascript and everything else.
my $link=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+$)/i;
$safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+$)/i;
} # }}}
sub sanitize (@) { #{{{
my %params=@_;
return scrubber()->scrub($params{content});
} # }}}
my $_scrubber;
sub scrubber { #{{{
return $_scrubber if defined $_scrubber;
eval q{use HTML::Scrubber};
error($@) if $@;
@ -72,13 +76,13 @@ sub scrubber { #{{{
playcount controls
} ),
"/" => 1, # emit proper <hr /> XHTML
href => $link,
src => $link,
action => $link,
cite => $link,
longdesc => $link,
poster => $link,
usemap => $link,
href => $safe_url_regexp,
src => $safe_url_regexp,
action => $safe_url_regexp,
cite => $safe_url_regexp,
longdesc => $safe_url_regexp,
poster => $safe_url_regexp,
usemap => $safe_url_regexp,
}],
);
return $_scrubber;
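Review bot: `our $safe_url_regexp` is declared empty in the first hunk and, as far as the second hunk shows, only assigned inside this plugin's `import` (the `} # }}}` after `$safe_url_regexp=qr/.../` looks like the end of `import`, whose start is outside the hunk), so another plugin that reads it before htmlscrubber has been loaded, or when htmlscrubber is disabled, sees `undef`; matching against an undefined pattern compiles as the empty pattern, which Perl treats as "reuse the last successfully matched regex", so a link check could silently pass. Since the comment invites other plugins to use the variable, it should fail closed instead: `our $safe_url_regexp = qr/(?!)/;` (never matches) in the first hunk, replaced by the real pattern in `import`. I would also extend the comment on the declaration to say `# Only holds the real pattern once this plugin has been loaded; before that it matches nothing.` The `scrubber` sub whose attribute table the third hunk edits starts and ends outside the hunk.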