smcvpostcomment: remove HTML if not allowed

author Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>

Mon, 17 Nov 2008 09:10:06 +0000 (09:10 +0000)

committer Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>

Thu, 11 Dec 2008 21:14:02 +0000 (21:14 +0000)
author Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
Mon, 17 Nov 2008 09:10:06 +0000 (09:10 +0000)
committer Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
Thu, 11 Dec 2008 21:14:02 +0000 (21:14 +0000)
diff --git a/IkiWiki/Plugin/smcvpostcomment.pm b/IkiWiki/Plugin/smcvpostcomment.pm

index 43b1d3e6fbe8e927ac6bb0f642af59e094bdd5cb..07f008e5e08adc0ea423cd920f074cb8cf431db7 100644 (file)
--- a/IkiWiki/Plugin/smcvpostcomment.pm
+++ b/IkiWiki/Plugin/smcvpostcomment.pm
@@ -205,6 +205,12 @@ sub sessioncgi ($$) { #{{{
                         unless $config{prefix_directives};
         }
  
+       unless ($allow_html) {
+               $body =~ s/&(\w|#)/&amp;$1/g;
+               $body =~ s/</&lt;/g;
+               $body =~ s/>/&gt;/g;
+       }
+
         # In this template, the [[!meta]] directives should stay at the end,
         # so that they will override anything the user specifies. (For
         # instance, [[!meta author="I can fake the author"]]...)
author	Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
	Mon, 17 Nov 2008 09:10:06 +0000 (09:10 +0000)
committer	Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
	Thu, 11 Dec 2008 21:14:02 +0000 (21:14 +0000)