smcvpostcomment: remove HTML if not allowed
authorSimon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
Mon, 17 Nov 2008 09:10:06 +0000 (09:10 +0000)
committerSimon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
Thu, 11 Dec 2008 21:14:02 +0000 (21:14 +0000)
IkiWiki/Plugin/smcvpostcomment.pm

index 43b1d3e6fbe8e927ac6bb0f642af59e094bdd5cb..07f008e5e08adc0ea423cd920f074cb8cf431db7 100644 (file)
@@ -205,6 +205,12 @@ sub sessioncgi ($$) { #{{{
                        unless $config{prefix_directives};
        }
 
+       unless ($allow_html) {
+               $body =~ s/&(\w|#)/&amp;$1/g;
+               $body =~ s/</&lt;/g;
+               $body =~ s/>/&gt;/g;
+       }
+
        # In this template, the [[!meta]] directives should stay at the end,
        # so that they will override anything the user specifies. (For
        # instance, [[!meta author="I can fake the author"]]...)
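Review bot: The escaping in the new `unless ($allow_html)` block only neutralises literal tags typed into `$body`. It appears to run on the raw comment source before the template is rendered, so HTML that the formatter later generates from wiki markup (link or image syntax, directives) is not covered, and `"`/`'` are left as they are, which matters if `$body` ever lands inside an attribute value. Whether the rendered output is sanitised elsewhere cannot be seen here, because sessioncgi starts and ends outside the hunk, so I would state the contract in a comment above the block: `# Escapes literal HTML only; HTML generated from markup must still be sanitised at render time.` A smaller point: text inside a code span or code block may come out double-escaped if the formatter applies its own escaping there, so a test with `<` inside backticks would be worth adding.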