3abfc1d71c
comments: Use HTML entities to escape directives
2008-12-11 21:14:03 +00:00
430ac61f21
Embed comments into comments_embed.tmpl rather than concatenating in perl
2008-12-11 21:14:03 +00:00
286dbb0541
comments: use CGI module's checksessionexpiry
2008-12-11 21:14:03 +00:00
249ea2ed75
comments: remove allowhtml option, just switch it on all the time
...
Now that posts are individually sanitized, that should be safe.
2008-12-11 21:14:03 +00:00
4663f364bb
comments: load inline and mdwn lazily
2008-12-11 21:14:03 +00:00
9d92fd5eb0
comments: don't rely on mdwn getting loaded first
2008-12-11 21:14:03 +00:00
ebe140201e
comments: sanitize the body of each comment before posting it
...
This should ensure that users can't "break out" from the enclosing
<div>, making it impossible to forge comments (assuming htmlscrubber
is enabled, and so is either htmlbalance or htmltidy).
2008-12-11 21:14:03 +00:00
57e40b9ce5
Fix typo that led to comments being blanked
2008-12-11 21:14:02 +00:00
3d4aa065d6
postcomment: Rename plugin to comments, use *._comment files
...
The PageSpec is still called "postcomment" since that's what it means.
2008-12-11 21:14:02 +00:00
Simon McVittie