urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Add a googlecalendar plugin. A bit special-purpose, but it shows 

one way to to deal with user-supplied content that could cause XSS
  issues w/o the htmlscrubber, and won't survive the scrubber.
master
joey 2006-09-09 07:11:51 +00:00
parent 1431e29934
commit aa2b3b8f63
3 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
IkiWiki/Plugin/googlecalendar.pm 100644
View File

@ -0,0 +1,46 @@
#!/usr/bin/perl
package IkiWiki::Plugin::googlecalendar;
use warnings;
use strict;
use IkiWiki;
use IPC::Open2;
sub import { #{{{
IkiWiki::hook(type => "preprocess", id => "googlecalendar",
call => \&preprocess);
IkiWiki::hook(type => "format", id => "googlecalendar",
call => \&format);
} # }}}
sub preprocess (@) { #{{{
my %params=@_;
# Parse the html, looking for the url to embed for the calendar.
# Avoid XSS attacks..
my ($url)=$params{html}=~m#iframe\s+src="http://www\.google\.com/calendar/embed\?([^"<>]+)"#;
if (! defined $url || ! length $url) {
return "[[googlecalendar failed to find url in html]]";
}
my ($height)=$params{html}=~m#height="(\d+)"#;
my ($width)=$params{html}=~m#width="(\d+)"#;
return "<div class=\"googlecalendar\" src=\"$url\" height=\"$height\" width=\"$width\"></div>";
} # }}}
sub format (@) { #{{{
my %params=@_;
$params{content}=~s/<div class=\"googlecalendar" src="([^"]+)" height="([^"]+)" width="([^"]+)"><\/div>/gencal($1,$2,$3)/eg;
return $params{content};
} # }}}
sub gencal ($$$) { #{{{
my $url=shift;
my $height=shift;
my $width=shift;
return qq{<iframe src="http://www.google.com/calendar/embed?$url" style=" border-width:0 " width="$width" frameborder="0" height="$height"></iframe>};
} #}}}
1

8
debian/changelog vendored
View File

@ -1,3 +1,11 @@
ikiwiki (1.27) UNRELEASED; urgency=low
* Add a googlecalendar plugin. A bit special-purpose, but it shows
one way to to deal with user-supplied content that could cause XSS
issues w/o the htmlscrubber, and won't survive the scrubber.
-- Joey Hess <joeyh@debian.org> Sat, 9 Sep 2006 03:00:45 -0400
ikiwiki (1.26) unstable; urgency=low
* Add a missing -n to tla undo call.

1
doc/plugins/type/special-purpose.mdwn 100644
View File

@ -0,0 +1 @@
Special-purpose plugins.