comments: Use HTML entities to escape directives
authorSimon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
Sun, 23 Nov 2008 12:03:05 +0000 (12:03 +0000)
committerSimon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
Thu, 11 Dec 2008 21:14:03 +0000 (21:14 +0000)
IkiWiki/Plugin/comments.pm

index acc3ffdb3198cd520ac59087344c1b67cc91a6fa..a68026ebc9ec09359015366d5a90d06de5c4044c 100644 (file)
@@ -221,11 +221,11 @@ sub sessioncgi ($$) { #{{{
 
        unless ($allow_directives) {
                # don't allow new-style directives at all
-               $body =~ s/(^|[^\\])\[\[!/$1\\[[!/g;
+               $body =~ s/(^|[^\\])\[\[!/$1&#91;&#91;!/g;
 
                # don't allow [[ unless it begins an old-style
                # wikilink, if prefix_directives is off
-               $body =~ s/(^|[^\\])\[\[(?![^\n\s\]+]\]\])/$1\\[[!/g
+               $body =~ s/(^|[^\\])\[\[(?![^\n\s\]+]\]\])/$1&#91;&#91;!/g
                        unless $config{prefix_directives};
        }