Also filter the attributes cite, longdesc, and usemap, which can contain URIs

IkiWiki/Plugin/htmlscrubber.pm

@@ -58,15 +58,15 @@ sub scrubber { #{{{
 			map { $_ => 1 } qw{
 				abbr accept accept-charset accesskey
 				align alt axis border cellpadding cellspacing
-				char charoff charset checked cite class
+				char charoff charset checked class
 				clear cols colspan color compact coords
 				datetime dir disabled enctype for frame
 				headers height hreflang hspace id ismap
-				label lang longdesc maxlength media method
+				label lang maxlength media method
 				multiple name nohref noshade nowrap prompt
 				readonly rel rev rows rowspan rules scope
 				selected shape size span start summary
-				tabindex target title type usemap valign
+				tabindex target title type valign
 				value vspace width
 				autoplay loopstart loopend end
 				playcount controls 
@@ -75,7 +75,10 @@ sub scrubber { #{{{
 			href => $link,
 			src => $link,
 			action => $link,
+			cite => $link,
+			longdesc => $link,
 			poster => $link,
+			usemap => $link,
 		}],
 	);
 	return $_scrubber;

debian/changelog

@@ -15,8 +15,10 @@ ikiwiki (2.31.3) unstable; urgency=high
     URIs like a limited version of data: URIs.  In particular, some
     versions of Internet Explorer interpret arbitrary HTML content in
     about: URIs.
+  * Also filter the attributes cite, longdesc, and usemap, which can contain
+    URIs.
 
- -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:18:58 -0800
+ -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:59:00 -0800
 
 ikiwiki (2.31.2) unstable; urgency=high