Commit Graph

27 Commits (172dfa9f64b5a248042af7c4b741fdd4c71813ec)

Author SHA1 Message Date
Joey Hess a63929f6cc Group related plugins into sections in the setup file, and drop unused rcs plugins from the setup file. 2010-02-11 22:24:15 -05:00
Joey Hess 678d467a40 finalise version 3.00 of the plugin api 2008-12-23 16:34:19 -05:00
Joey Hess bb93fccf06 Coding style change: Remove explcit vim folding markers. 2008-12-17 15:22:16 -05:00
Joey Hess 89256ab870 htmlscrubber: Add a config setting that can be used to disable the scrubber acting on a set of pages. 2008-09-26 18:07:37 -04:00
Joey Hess 903213e63f add plugin safe/rebuild info (part 1 of 2)
too many plugins.. brain exploding..
2008-08-03 16:40:12 -04:00
Adeodato Simó be0b4f603f Allow colons in URLs after the first slash
A new regexp fixes this bug:
http://ikiwiki.info/bugs/No_link_for_blog_items_when_filename_contains_a_colon/

I traced this down to htmlscrubber. If disabled,
it works. If enabled, then $safe_url_regexp
determines the URL unsafe because of the colon and
hence removes the src attribute.

Digging into this, I find that RFC 3986 pretty
much discourages colons in filenames:

"""
A path segment that contains a colon character
(e.g., "this:that") cannot be used as the first
segment of a relative-path reference, as it would
be mistaken for a scheme name. Such a segment must
be preceded by a dot-segment (e.g., "./this:that")
to make a relative- path reference.
"""

on the other hand, with usedirs, any link to
another page will be prepended by ../ anyway, so
that makes them okay again.

The solution still seems not to use colons.

In any case, htmlscrubber should get a new regexp,
courtesy of dato.

I have tested and verified this.

Signed-off-by: martin f. krafft <madduck@madduck.net>
2008-02-29 19:29:44 +01:00
Joey Hess c6fc554c54 use quotemeta when building the regexp 2008-02-10 19:02:12 -05:00
Josh Triplett 728dfd9595 Allow the smb: URI scheme. 2008-02-10 15:08:56 -08:00
Josh Triplett 502cd00ec7 Allow the snews: URI scheme. 2008-02-10 15:05:11 -08:00
Josh Triplett ec9d3ab549 Do not allow the steam: URI scheme. 2008-02-10 14:59:08 -08:00
Josh Triplett 3cda22a27f Match literal '.' in URI schemas containing '.', rather than matching any character 2008-02-10 14:50:30 -08:00
Joey Hess 4bfdbd4858 export $safe_url_regexp 2008-02-10 17:07:21 -05:00
Josh Triplett d20e24b636 Also filter the attributes cite, longdesc, and usemap, which can contain URIs 2008-02-10 13:59:37 -08:00
Joey Hess 2078f706d6 add parens around scheme regexp 2008-02-10 16:29:46 -05:00
Josh Triplett a7be7bdf56 Do not allow the about: URI scheme
Some browsers interpret about: URIs like a limited version of data:
URIs.  In particular, some versions of Internet Explorer interpret
arbitrary HTML content in about: URIs.
2008-02-10 13:23:28 -08:00
Joey Hess dfd6bb3854 fix data:image handling 2008-02-10 15:24:03 -05:00
Joey Hess d7e0c035e5 * htmlscrubber security fix: Block javascript in uris.
* Add htmlscrubber test suite.
2008-02-10 13:16:40 -05:00
Joey Hess 4c1a4402f9 * htmlscrubber: Further work around #365971 by adding tags for 'br/', 'hr/'
and 'p/'.
2008-01-07 18:32:50 -05:00
Joey Hess e016a975c4 * Allow html5 video and audio tags and their attributes in the htmlscrubber. 2007-11-18 13:34:06 -05:00
joey 03dc63588c on second thought, simple alphanumeric styles are not actually useful (class is already supported), and anything more complex is too hard to do, so revert 2007-07-11 17:57:02 +00:00
joey a8fa52080d * Allow simple alphanumeric style attribute values in the htmlscrubber. This
should be safe from javascript attacks.
2007-07-11 16:50:59 +00:00
joey ee1ad53c4c * pagespec_match() has changed to take named parameters, to better allow
for extended pagespecs. The old calling convention will still work for
  back-compat for now.
* The calling convention for functions in the IkiWiki::PageSpec namespace
  has changed so they are passed named parameters.
* Plugin interface version increased to 2.00 since I don't anticipate any
  more interface changes before 2.0.
2007-04-27 02:55:52 +00:00
joey 35ee7e44a6 * Make sure to check for errors from every eval. 2006-11-08 21:03:33 +00:00
joey dae0f48e91 * Work on firming up the plugin interface:
- Plugins should not need to load IkiWiki::Render to get commonly
    used functions, so moved some functions from there to IkiWiki.
  - Picked out the set of functions and variables that most plugins
    use, documented them, and made IkiWiki export them by default,
    like a proper perl module should.
  - Use the other functions at your own risk.
  - This is not quite complete, I still have to decide whether to
    export some other things.
* Changed all plugins included in ikiwiki to not use "IkiWiki::" when
  referring to stuff now exported by the IkiWiki module.
* Anyone with a third-party ikiwiki plugin is strongly enrouraged
  to make like changes to it and avoid use of non-exported symboles from
  "IkiWiki::".
* Link debian/changelog and debian/news to NEWS and CHANGELOG.
* Support hyperestradier version 1.4.2, which adds a new required phraseform
  setting.
2006-09-09 22:50:27 +00:00
joey 4895955cea * Change htmlize, format, and sanitize hooks to use named parameters. 2006-08-28 18:17:59 +00:00
joey 7f64dd4f66 * Tell HTML::Scrubber to treat "/" as a valid attribute which is its
very strange way of enabling proper XHTML <br /> type tags. Output html
  should be always valid again now.
2006-05-25 22:03:22 +00:00
joey 6652de5e1a * Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber
and --disable-plugin htmlscrubber.
2006-05-05 05:41:11 +00:00