From 790a339db18f1c697052446728641c9e6ef06bdb Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 1 May 2010 19:28:28 -0400 Subject: [PATCH] htmlscrubber: Also allow some other html5 tags: canvas, progress, meter, ruby, rt, rp, details, summary. --- IkiWiki/Plugin/htmlscrubber.pm | 10 +++++----- debian/changelog | 3 ++- doc/bugs/html5_support.mdwn | 22 ++++++++++++++-------- 3 files changed, 21 insertions(+), 14 deletions(-) diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm index d52614a4d..505a6f142 100644 --- a/IkiWiki/Plugin/htmlscrubber.pm +++ b/IkiWiki/Plugin/htmlscrubber.pm @@ -85,7 +85,7 @@ sub scrubber { video audio source section nav article aside hgroup header footer figure figcaption time mark canvas - datalist + datalist progress meter ruby rt rp details summary }], default => [undef, { ( map { $_ => 1 } qw{ @@ -104,10 +104,10 @@ sub scrubber { autofocus autoplay preload loopstart loopend end playcount controls pubdate - placeholder min max step form required - autocomplete novalidate pattern list - formenctype formmethod formnovalidate - formtarget reversed + placeholder min max step low high optimum + form required autocomplete novalidate pattern + list formenctype formmethod formnovalidate + formtarget reversed spellcheck open } ), "/" => 1, # emit proper
XHTML href => $safe_url_regexp, diff --git a/debian/changelog b/debian/changelog index e0f506f29..3d33f3bfc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,7 +7,8 @@ ikiwiki (3.20100428) UNRELEASED; urgency=low did not support building urls from utf-8 strings. Closes: #579713 * htmlscrubber: Allow html5 semantic tags: section nav article aside hgroup header footer figure figcaption time mark - * htmlscrubber: Also allow html5 canvas tags. + * htmlscrubber: Also allow some other html5 tags: canvas, progress, meter, + ruby, rt, rp, details, summary. * htmlscrubber: Round out html5 video support with the preload attribute and the source tag. * htmlscrubber: Allow the html5 form attributes: placeholder autofocus, diff --git a/doc/bugs/html5_support.mdwn b/doc/bugs/html5_support.mdwn index 1ca45f46d..48b63b29a 100644 --- a/doc/bugs/html5_support.mdwn +++ b/doc/bugs/html5_support.mdwn @@ -68,23 +68,29 @@ HTML5](http://www.w3.org/TR/html5-diff/). > * Use nav for the actionbar > * Use placeholder in the search box. Allows closing > [[this_todo|Add_label_to_search_form_input_field]] +> * Use details tag instead of the javascript in the toggle plugin. +> (Need to wait on browser support probably.) > --[[Joey]] # htmlscrubber.pm needs to not scrub new HTML5 elements * [new elements](http://www.w3.org/TR/html5-diff/#new-elements) -> Most of these can be supported trivially, since they are just semantic -> markup. Make a list of these, and their attributes (and which attributes -> can contain urls or other javascript injection mechanisms), and I can add -> them. (Added several now.) Others, like `embed` are *scary*. --[[Joey]] - +> Many added now. +> +> Things I left out, too hard to understand today: +> Attributes contenteditabl, contextmenu, +> data-*, draggable, hidden, role, aria-*. Tags command, keygen, +> output. +> +> Clearly unsafe: embed. +> +> Apparently cannot be used w/o javascript: menu. +> > I have not added the new `ping` attribute, because parsing a > space-separeated list of urls to avoid javascript injection is annoying, > and the attribute seems generally dubious. -> -> Need to understand better the attributes contenteditabl, contextmenu, -> data-*, draggable, hidden, role, aria-*. Have not added those. --[[Joey]] +> --[[Joey]] # HTML5 Validation and t/html.t