urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

meta headers are not sanitised; prevent html leaking into them

master
joey 2006-06-02 06:11:22 +00:00
parent 03867bf323
commit 5454186939
3 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
IkiWiki/Plugin/meta.pm
View File

@ -27,11 +27,13 @@ sub preprocess (@) { #{{{
my $page=$params{page};
delete $params{page};
eval q{use CGI 'escapeHTML'};
if ($key eq 'link') {
if (%params) {
$meta{$page}='' unless exists $meta{$page};
$meta{$page}.="<link href=\"$value\" ".
join(" ", map { "$_=\"$params{$_}\"" } keys %params).
$meta{$page}.="<link href=\"".escapeHTML($value)."\" ".
join(" ", map { escapeHTML("$_=\"$params{$_}\"") } keys %params).
" />\n";
}
else {
@ -40,11 +42,11 @@ sub preprocess (@) { #{{{
}
}
elsif ($key eq 'title') {
$title{$page}=$value;
$title{$page}=escapeHTML($value);
}
else {
$meta{$page}='' unless exists $meta{$page};
$meta{$page}.="<meta name=\"$key\" content=\"$value\" />\n";
$meta{$page}.="<meta name=\"".escapeHTML($key)."\" content=\"".escapeHTML($value)."\" />\n";
}
return "";

6
doc/plugins/meta.mdwn
View File

@ -1,4 +1,6 @@
This plugin allows inserting arbitrary metadata into the source of a page.
This plugin is not enabled by default. If it is enabled, the title of this
page will say it is. [[meta title="meta plugin (enabled)"]]
Enter the metadata as follows:
\\[[meta field="value"]]
@ -39,7 +41,3 @@ You can use any field names you like, but here are some predefined ones:
If the field is not treated specially (as the link and title fields are),
the metadata will be written to the generated html page as a &lt;meta&gt;
header.
This plugin is not enabled by default. If it is enabled, the title of this
page will say it is.
[[meta title="meta plugin (enabled)"]]

18
doc/plugins/write.mdwn
View File

@ -79,15 +79,6 @@ Runs on the raw source of a page, before anything else touches it, and can
make arbitrary changes. The function is passed named parameters `page` and
`content` and should return the filtered content.
## sanitize
IkiWiki::hook(type => "filter", id => "foo", call => \&sanitize);
Use this to implement html sanitization or anything else that needs to
modify the content of a page after it has been fully converted to html.
The function is passed the page content and should return the sanitized
content.
## pagetemplate
IkiWiki::hook(type => "pagetemplate", id => "foo", call => \&pagetemplate);
@ -99,6 +90,15 @@ be used to generate the page. It can manipulate that template, the most
common thing to do is probably to call $template->param() to add a new
custom parameter to the template.
## sanitize
IkiWiki::hook(type => "sanitize", id => "foo", call => \&sanitize);
Use this to implement html sanitization or anything else that needs to
modify the content of a page after it has been fully converted to html.
The function is passed the page content and should return the sanitized
content.
## delete
IkiWiki::hook(type => "delete", id => "foo", call => \&dele);