* Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber

  and --disable-plugin htmlscrubber.

diff --git a/IkiWiki.pm b/IkiWiki.pm
index 6a62d9f0ed2ecd155f6eec6f1a7f16defecdf77c..443a88044f315ca762676dc544947e9d01d3340c 100644 (file)
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -26,7 +26,6 @@ sub defaultconfig () { #{{{
        diffurl => '',
        anonok => 0,
        rss => 0,
        diffurl => '',
        anonok => 0,
        rss => 0,

-       sanitize => 1,

        rebuild => 0,
        refresh => 0,
        getctime => 0,
        rebuild => 0,
        refresh => 0,
        getctime => 0,


@@ -41,7 +40,7 @@ sub defaultconfig () { #{{{
        setup => undef,
        adminuser => undef,
        adminemail => undef,
        setup => undef,
        adminuser => undef,
        adminemail => undef,

-       plugin => [qw{inline}],
+       plugin => [qw{inline htmlscrubber}],

        headercontent => '',
 } #}}}
            
        headercontent => '',
 } #}}}
            

diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm
new file mode 100644 (file)
index 0000000..41cf6c9
--- /dev/null
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -0,0 +1,51 @@
+#!/usr/bin/perl
+package IkiWiki::Plugin::htmlscrubber;
+
+use warnings;
+use strict;
+use IkiWiki;
+
+sub import { #{{{
+       IkiWiki::hook(type => "sanitize", id => "htmlscrubber",
+               call => \&sanitize);
+} # }}}
+
+sub sanitize ($) { #{{{
+       return scrubber()->scrub(shift);
+} # }}}
+
+my $_scrubber;
+sub scrubber { #{{{
+       return $_scrubber if defined $_scrubber;
+       
+       eval q{use HTML::Scrubber};
+       # Lists based on http://feedparser.org/docs/html-sanitization.html
+       $_scrubber = HTML::Scrubber->new(
+               allow => [qw{
+                       a abbr acronym address area b big blockquote br
+                       button caption center cite code col colgroup dd del
+                       dfn dir div dl dt em fieldset font form h1 h2 h3 h4
+                       h5 h6 hr i img input ins kbd label legend li map
+                       menu ol optgroup option p pre q s samp select small
+                       span strike strong sub sup table tbody td textarea
+                       tfoot th thead tr tt u ul var
+               }],
+               default => [undef, { map { $_ => 1 } qw{
+                       abbr accept accept-charset accesskey action
+                       align alt axis border cellpadding cellspacing
+                       char charoff charset checked cite class
+                       clear cols colspan color compact coords
+                       datetime dir disabled enctype for frame
+                       headers height href hreflang hspace id ismap
+                       label lang longdesc maxlength media method
+                       multiple name nohref noshade nowrap prompt
+                       readonly rel rev rows rowspan rules scope
+                       selected shape size span src start summary
+                       tabindex target title type usemap valign
+                       value vspace width
+               }}],
+       );
+       return $_scrubber;
+} # }}}
+
+1

diff --git a/IkiWiki/Plugin/skeleton.pm b/IkiWiki/Plugin/skeleton.pm
index d5a2125e5e3502e127ce97c9e17bfc197b13cc4a..346dfa5ffb1210897dd3283a51d30b4c083aa9db 100644 (file)
--- a/IkiWiki/Plugin/skeleton.pm
+++ b/IkiWiki/Plugin/skeleton.pm
@@ -15,6 +15,8 @@ sub import { #{{{
                call => \&preprocess);
        IkiWiki::hook(type => "filter", id => "skeleton", 
                call => \&filter);
                call => \&preprocess);
        IkiWiki::hook(type => "filter", id => "skeleton", 
                call => \&filter);

+       IkiWiki::hook(type => "sanitize", id => "skeleton", 
+               call => \&sanitize);

        IkiWiki::hook(type => "delete", id => "skeleton", 
                call => \&delete);
        IkiWiki::hook(type => "change", id => "skeleton", 
        IkiWiki::hook(type => "delete", id => "skeleton", 
                call => \&delete);
        IkiWiki::hook(type => "change", id => "skeleton", 


@@ -33,11 +35,19 @@ sub preprocess (@) { #{{{
        return "skeleton plugin result";
 } # }}}
 
        return "skeleton plugin result";
 } # }}}
 

-sub filter ($) { #{{{
-       my $content=shift;
+sub filter (@) { #{{{
+       my %params=@_;

        
        IkiWiki::debug("skeleton plugin running as filter");
 
        
        IkiWiki::debug("skeleton plugin running as filter");
 

+       return $params{content};
+} # }}}
+
+sub sanitize ($) { #{{{
+       my $content=shift;
+       
+       IkiWiki::debug("skeleton plugin running as a sanitizer");
+

        return $content;
 } # }}}
 
        return $content;
 } # }}}
 

diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm
index 262e0ec29585290577c058917d65fc393b551313..9feaa6da7636b46940a101f9bbfbaf87aebde496 100644 (file)
--- a/IkiWiki/Render.pm
+++ b/IkiWiki/Render.pm
@@ -19,40 +19,6 @@ sub linkify ($$) { #{{{
        return $content;
 } #}}}
 
        return $content;
 } #}}}
 

-my $_scrubber;
-sub scrubber { #{{{
-       return $_scrubber if defined $_scrubber;
-       
-       eval q{use HTML::Scrubber};
-       # Lists based on http://feedparser.org/docs/html-sanitization.html
-       $_scrubber = HTML::Scrubber->new(
-               allow => [qw{
-                       a abbr acronym address area b big blockquote br
-                       button caption center cite code col colgroup dd del
-                       dfn dir div dl dt em fieldset font form h1 h2 h3 h4
-                       h5 h6 hr i img input ins kbd label legend li map
-                       menu ol optgroup option p pre q s samp select small
-                       span strike strong sub sup table tbody td textarea
-                       tfoot th thead tr tt u ul var
-               }],
-               default => [undef, { map { $_ => 1 } qw{
-                       abbr accept accept-charset accesskey action
-                       align alt axis border cellpadding cellspacing
-                       char charoff charset checked cite class
-                       clear cols colspan color compact coords
-                       datetime dir disabled enctype for frame
-                       headers height href hreflang hspace id ismap
-                       label lang longdesc maxlength media method
-                       multiple name nohref noshade nowrap prompt
-                       readonly rel rev rows rowspan rules scope
-                       selected shape size span src start summary
-                       tabindex target title type usemap valign
-                       value vspace width
-               }}],
-       );
-       return $_scrubber;
-} # }}}
-

 sub htmlize ($$) { #{{{
        my $type=shift;
        my $content=shift;
 sub htmlize ($$) { #{{{
        my $type=shift;
        my $content=shift;


@@ -71,8 +37,10 @@ sub htmlize ($$) { #{{{
                error("htmlization of $type not supported");
        }
 
                error("htmlization of $type not supported");
        }
 

-       if ($config{sanitize}) {
-               $content=scrubber()->scrub($content);
+       if (exists $hooks{sanitize}) {
+               foreach my $id (keys %{$hooks{sanitize}}) {
+                       $content=$hooks{sanitize}{$id}{call}->($content);
+               }

        }
        
        return $content;
        }
        
        return $content;

diff --git a/debian/NEWS b/debian/NEWS
index 130d1bd57fda7a6b3c2a9d798263dbc64211aebf..5bb107519eb93cfa82894aa04fc007969def6cf6 100644 (file)
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -9,6 +9,11 @@ ikiwiki (1.1) unstable; urgency=low
   search plugin, by passing --plugin=search or through the plugin setting in
   the config file.
 
   search plugin, by passing --plugin=search or through the plugin setting in
   the config file.
 

+  The --sanitize and --no-sanitize switches are also gone, replaced with the
+  htmlscrubber plugin. This plugin is enabled by default, to disable it,
+  use --disable-plugin=htmlscrubber, or modify the plugin setting in the
+  config file.
+

   You will need to rebuild your wiki when upgrading to this version.
   If you listed your wiki in /etc/ikiwiki/wikilist this will be done
   automatically.
   You will need to rebuild your wiki when upgrading to this version.
   If you listed your wiki in /etc/ikiwiki/wikilist this will be done
   automatically.

diff --git a/debian/changelog b/debian/changelog
index bd82cd48b19441de9b0a4bea30493338b36aaf52..a7887e17f97d0ab6a4ee83df112efeec2a8ed0e0 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -43,8 +43,10 @@ ikiwiki (1.1) UNRELEASED; urgency=low
   * Copied in some smileys from Moin Moin.
   * Allow links of the form [[some page|page]], with whitespace in the link
     text.
   * Copied in some smileys from Moin Moin.
   * Allow links of the form [[some page|page]], with whitespace in the link
     text.

+  * Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber
+    and --disable-plugin htmlscrubber.

 
 

- -- Joey Hess <joeyh@debian.org>  Fri,  5 May 2006 00:14:53 -0400
+ -- Joey Hess <joeyh@debian.org>  Fri,  5 May 2006 01:28:19 -0400

 
 ikiwiki (1.0) unstable; urgency=low
 
 
 ikiwiki (1.0) unstable; urgency=low
 

diff --git a/doc/ikiwiki.setup b/doc/ikiwiki.setup
index 3e0e1599e169af0e030b3f4be200bbafda4349b6..17d3be7d75077777505c039168b4ac9b73fd908f 100644 (file)
--- a/doc/ikiwiki.setup
+++ b/doc/ikiwiki.setup
@@ -48,8 +48,7 @@ use IkiWiki::Setup::Standard {
        #anonok => 1,
        # Generate rss feeds for pages?
        rss => 1,
        #anonok => 1,
        # Generate rss feeds for pages?
        rss => 1,

-       # Sanitize html?
-       sanitize => 1,

        # To change the enabled plugins, edit this list
        # To change the enabled plugins, edit this list

-       #plugin => [qw{pagecount inline brokenlinks hyperestraier smiley}],
+       #plugin => [qw{pagecount inline brokenlinks hyperestraier smiley
+       #              htmlscrubber}],

 }
 }

diff --git a/doc/news/sanitization.mdwn b/doc/news/sanitization.mdwn
index 6ce2541572cc7a0c8a551066ff6c26a028387822..419d589c94edbb8c9b085b43e9efc88d00b008f4 100644 (file)
--- a/doc/news/sanitization.mdwn
+++ b/doc/news/sanitization.mdwn
@@ -1,7 +1,8 @@
-ikiwiki's main outstanding security hole, lack of [[HtmlSanitization]] has
-now been addressed. ikiwiki now sanitizes html by default.
+ikiwiki's main outstanding security hole, lack of html sanitization, has
+now been addressed. ikiwiki now sanitizes html by default, using the
+[[plugins/htmlscrubber]] plugin.

 
 If only trusted parties can edit your wiki's content, then you might want
 to turn this sanitization back off to allow use of potentially dangerous
 
 If only trusted parties can edit your wiki's content, then you might want
 to turn this sanitization back off to allow use of potentially dangerous

-tags. To do so, pass --no-sanitize or set "sanitize => 0," in your
-[[ikiwiki.setup]].
+tags. To do so, pass --disable-plugin=sanitize or edit the plugins
+configuration in your [[ikiwiki.setup]].

diff --git a/doc/plugins.mdwn b/doc/plugins.mdwn
index 07c236057da5c2ff70ee73dd495de9395c12c7bc..e2f0492af0bd60f96f887beecaa116cda82d0f8f 100644 (file)
--- a/doc/plugins.mdwn
+++ b/doc/plugins.mdwn
@@ -1,9 +1,9 @@
 There's documentation if you want to [[write]] your own plugins, or you can install and use plugins contributed by others. 
 
 The ikiwiki package includes some standard plugins that are installed and
 There's documentation if you want to [[write]] your own plugins, or you can install and use plugins contributed by others. 
 
 The ikiwiki package includes some standard plugins that are installed and

-by default. These include [[inline]], [[pagecount]], [[brokenlinks]],
-[[search]], [[smiley]], and even [[haiku]]. 
-Of these, [[inline]] is enabled by default.
+by default. These include [[inline]], [[htmlscrubber]], [[pagecount]],
+[[brokenlinks]], [[search]], [[smiley]], and even [[haiku]]. 
+Of these, [[inline]] and [[htmlscrubber]] are enabled by default.

 
 To enable other plugins, use the `--plugin` switch described in [[usage]],
 or the equivalent line in [[ikiwiki.setup]].
 
 To enable other plugins, use the `--plugin` switch described in [[usage]],
 or the equivalent line in [[ikiwiki.setup]].

diff --git a/doc/htmlsanitization.mdwn b/doc/plugins/htmlscrubber.mdwn
similarity index 80%
rename from doc/htmlsanitization.mdwn
rename to doc/plugins/htmlscrubber.mdwn
index 2c814e8e42a5e1dc3620788d8842d9cf4ce8a3fd..cf0d8e02aca4243291b5bfcecdceea621273c6ea 100644 (file)
--- a/doc/htmlsanitization.mdwn
+++ b/doc/plugins/htmlscrubber.mdwn
@@ -1,13 +1,12 @@
-When run with the `--sanitize` switch, which is turned on by default (see
-[[usage]]), ikiwiki sanitizes the html on pages it renders to avoid XSS
-attacks and the like.
+This plugin is enabled by default. It sanitizes the html on pages it renders
+to avoid XSS attacks and the like.

 
 

-ikiwiki excludes all html tags and attributes except for those that are
+It excludes all html tags and attributes except for those that are

 whitelisted using the same lists as used by Mark Pilgrim's Universal Feed
 Parser, documented at <http://feedparser.org/docs/html-sanitization.html>.
 Notably it strips `style`, `link`, and the `style` attribute.
 
 whitelisted using the same lists as used by Mark Pilgrim's Universal Feed
 Parser, documented at <http://feedparser.org/docs/html-sanitization.html>.
 Notably it strips `style`, `link`, and the `style` attribute.
 

-ikiwiki uses the HTML::Scrubber perl module to perform its html
+It uses the HTML::Scrubber perl module to perform its html

 sanitisation, and this perl module also deals with various entity encoding
 tricks.
 
 sanitisation, and this perl module also deals with various entity encoding
 tricks.
 


@@ -23,7 +22,8 @@ browser.
 
 ----
 
 
 ----
 

-Some examples of embedded javascript that won't be let through.
+Some examples of embedded javascript that won't be let through when this
+plugin is active:

 
 * <span style="background: url(javascript:window.location='http://example.org/')">test</span>
 * <span style="&#x61;&#x6e;&#x79;&#x3a;&#x20;&#x65;&#x78;&#x70;&#x72;&#x65;&#x73;&#x73;&#x69;&#x6f;&#x6e;&#x28;&#x77;&#x69;&#x6e;&#x64;&#x6f;&#x77;&#x2e;&#x6c;&#x6f;&#x63;&#x61;&#x74;&#x69;&#x6f;&#x6e;&#x3d;&#x27;&#x68;&#x74;&#x74;&#x70;&#x3a;&#x2f;&#x2f;&#x65;&#x78;&#x61;&#x6d;&#x70;&#x6c;&#x65;&#x2e;&#x6f;&#x72;&#x67;&#x2f;&#x27;&#x29;">test</span>
 
 * <span style="background: url(javascript:window.location='http://example.org/')">test</span>
 * <span style="&#x61;&#x6e;&#x79;&#x3a;&#x20;&#x65;&#x78;&#x70;&#x72;&#x65;&#x73;&#x73;&#x69;&#x6f;&#x6e;&#x28;&#x77;&#x69;&#x6e;&#x64;&#x6f;&#x77;&#x2e;&#x6c;&#x6f;&#x63;&#x61;&#x74;&#x69;&#x6f;&#x6e;&#x3d;&#x27;&#x68;&#x74;&#x74;&#x70;&#x3a;&#x2f;&#x2f;&#x65;&#x78;&#x61;&#x6d;&#x70;&#x6c;&#x65;&#x2e;&#x6f;&#x72;&#x67;&#x2f;&#x27;&#x29;">test</span>

diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn
index ae2f8b904cc1dff01696021abaa3b0f546b25e9f..6c013cd4a754b66922994dce2b2dd9c8a51ddf7d 100644 (file)
--- a/doc/plugins/write.mdwn
+++ b/doc/plugins/write.mdwn
@@ -49,7 +49,7 @@ return the error message as the output of the plugin.
 
 ### Html issues
 
 
 ### Html issues
 

-Note that if [[HTMLSanitization]] is enabled, html in
+Note that if the [[htmlscrubber]] is enabled, html in

 [[PreProcessorDirective]] output is sanitised, which may limit what your
 plugin can do. Also, the rest of the page content is not in html format at
 preprocessor time. Text output by a preprocessor directive will be passed
 [[PreProcessorDirective]] output is sanitised, which may limit what your
 plugin can do. Also, the rest of the page content is not in html format at
 preprocessor time. Text output by a preprocessor directive will be passed


@@ -75,7 +75,16 @@ IkiWiki::error if something isn't configured right.
 
 Runs on the raw source of a page, before anything else touches it, and can
 make arbitrary changes. The function is passed named parameters `page` and
 
 Runs on the raw source of a page, before anything else touches it, and can
 make arbitrary changes. The function is passed named parameters `page` and

-`content` should return the filtered content.
+`content` and should return the filtered content.
+
+### sanitize
+
+       IkiWiki::hook(type => "filter", id => "foo", call => \&sanitize);
+
+Use this to implement html sanitization or anything else that needs to
+modify the content of a page after it has been fully converted to html.
+The function is passed the page content and should return the sanitized
+content.

 
 ### delete
 
 
 ### delete
 

diff --git a/doc/security.mdwn b/doc/security.mdwn
index 77552b1b2e2d2c3abe04d273200b23412b7f9219..73d98a3ae5fcf88c1dbcbe4b0ba983f853ad54e8 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -215,4 +215,5 @@ pages from source with some other extension.
 
 ## XSS attacks in page content
 
 
 ## XSS attacks in page content
 

-ikiwiki supports [[HtmlSanitization]], though it can be turned off.
+ikiwiki supports protecting users from their own broken browsers via the
+[[plugins/htmlscrubber]] plugin, which is enabled by default.

diff --git a/doc/todo/plugin.mdwn b/doc/todo/plugin.mdwn
index 84c3d68f54b86e442c30011660c098523db391dc..0b90b7cae0eab87411dbc44f09224701d1d9a970 100644 (file)
--- a/doc/todo/plugin.mdwn
+++ b/doc/todo/plugin.mdwn
@@ -25,8 +25,6 @@ Suggestions of ideas for plugins:
   or something. It's possible that this is a special case of backlinks and
   is best implemented by making backlinks a plugin somehow. --[[Joey]]
 
   or something. It's possible that this is a special case of backlinks and
   is best implemented by making backlinks a plugin somehow. --[[Joey]]
 

-* Splitting out html sanitisation should be easy to do.
-

 * interwiki links
 
 All the kinds of plugins that blogging software has is also a possibility:
 * interwiki links
 
 All the kinds of plugins that blogging software has is also a possibility:

diff --git a/doc/usage.mdwn b/doc/usage.mdwn
index eac72cdc728d46c3be2b77aece19ee447d40ddb3..3a46dade8bcd478ad1b4644f1b46b78360d7e7a6 100644 (file)
--- a/doc/usage.mdwn
+++ b/doc/usage.mdwn
@@ -162,16 +162,16 @@ These options configure the wiki.
   Currently allows locking of any page, other powers may be added later.
   May be specified multiple times for multiple admins.
 
   Currently allows locking of any page, other powers may be added later.
   May be specified multiple times for multiple admins.
 

-* --sanitize
-
-  Enable [[HtmlSanitization]] of wiki content. On by default, disable with
-  --no-sanitize.
-

 * --plugin name
 
   Enables the use of the specified plugin in the wiki. See [[plugins]] for
   details. Note that plugin names are case sensative.
 
 * --plugin name
 
   Enables the use of the specified plugin in the wiki. See [[plugins]] for
   details. Note that plugin names are case sensative.
 

+* --disable-plugin name
+
+  Disables use of a plugin. For example "--disable-plugin htmlscrubber"
+  to do away with html sanitization.
+

 * --verbose
 
   Be vebose about what is being done.
 * --verbose
 
   Be vebose about what is being done.

diff --git a/ikiwiki b/ikiwiki
index 4801c5f92e734df7bf7f9c170519c59b31875c77..e911eaff4de483cb9e1ffe680828b13ab91f6d2d 100755 (executable)
--- a/ikiwiki
+++ b/ikiwiki
@@ -29,7 +29,6 @@ sub getconfig () { #{{{
                        "rss!" => \$config{rss},
                        "cgi!" => \$config{cgi},
                        "notify!" => \$config{notify},
                        "rss!" => \$config{rss},
                        "cgi!" => \$config{cgi},
                        "notify!" => \$config{notify},

-                       "sanitize!" => \$config{sanitize},

                        "url=s" => \$config{url},
                        "cgiurl=s" => \$config{cgiurl},
                        "historyurl=s" => \$config{historyurl},
                        "url=s" => \$config{url},
                        "cgiurl=s" => \$config{cgiurl},
                        "historyurl=s" => \$config{historyurl},


@@ -54,7 +53,10 @@ sub getconfig () { #{{{
                        },
                        "plugin=s@" => sub {
                                push @{$config{plugin}}, $_[1];
                        },
                        "plugin=s@" => sub {
                                push @{$config{plugin}}, $_[1];

-                       }
+                       },
+                       "disable-plugin=s@" => sub {
+                               $config{plugin}=[grep { $_ ne $_[1] } @{$config{plugin}} ];
+                       },

                ) || usage();
 
                if (! $config{setup}) {
                ) || usage();
 
                if (! $config{setup}) {