Also filter the attributes cite, longdesc, and usemap, which can contain URIs
parent
34115a34e0
commit
d20e24b636
|
@ -58,15 +58,15 @@ sub scrubber { #{{{
|
|||
map { $_ => 1 } qw{
|
||||
abbr accept accept-charset accesskey
|
||||
align alt axis border cellpadding cellspacing
|
||||
char charoff charset checked cite class
|
||||
char charoff charset checked class
|
||||
clear cols colspan color compact coords
|
||||
datetime dir disabled enctype for frame
|
||||
headers height hreflang hspace id ismap
|
||||
label lang longdesc maxlength media method
|
||||
label lang maxlength media method
|
||||
multiple name nohref noshade nowrap prompt
|
||||
readonly rel rev rows rowspan rules scope
|
||||
selected shape size span start summary
|
||||
tabindex target title type usemap valign
|
||||
tabindex target title type valign
|
||||
value vspace width
|
||||
autoplay loopstart loopend end
|
||||
playcount controls
|
||||
|
@ -75,7 +75,10 @@ sub scrubber { #{{{
|
|||
href => $link,
|
||||
src => $link,
|
||||
action => $link,
|
||||
cite => $link,
|
||||
longdesc => $link,
|
||||
poster => $link,
|
||||
usemap => $link,
|
||||
}],
|
||||
);
|
||||
return $_scrubber;
|
||||
|
|
|
@ -15,8 +15,10 @@ ikiwiki (2.31.3) unstable; urgency=high
|
|||
URIs like a limited version of data: URIs. In particular, some
|
||||
versions of Internet Explorer interpret arbitrary HTML content in
|
||||
about: URIs.
|
||||
* Also filter the attributes cite, longdesc, and usemap, which can contain
|
||||
URIs.
|
||||
|
||||
-- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:18:58 -0800
|
||||
-- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:59:00 -0800
|
||||
|
||||
ikiwiki (2.31.2) unstable; urgency=high
|
||||
|
||||
|
|
Loading…
Reference in New Issue