From: Josh Triplett <josh@freedesktop.org>
Date: Sun, 10 Feb 2008 21:59:37 +0000 (-0800)
Subject: Also filter the attributes cite, longdesc, and usemap, which can contain URIs
X-Git-Tag: 2.32.3~9
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=c1b6052c8f3e578e6d9dac74fa3c9a78547c2e2c;p=ikiwiki.git
Also filter the attributes cite, longdesc, and usemap, which can contain URIs
---
diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm
index 897a398ba..8136bdadc 100644
--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -58,15 +58,15 @@ sub scrubber { #{{{
map { $_ => 1 } qw{
abbr accept accept-charset accesskey
align alt axis border cellpadding cellspacing
- char charoff charset checked cite class
+ char charoff charset checked class
clear cols colspan color compact coords
datetime dir disabled enctype for frame
headers height hreflang hspace id ismap
- label lang longdesc maxlength media method
+ label lang maxlength media method
multiple name nohref noshade nowrap prompt
readonly rel rev rows rowspan rules scope
selected shape size span start summary
- tabindex target title type usemap valign
+ tabindex target title type valign
value vspace width
autoplay loopstart loopend end
playcount controls
@@ -75,7 +75,10 @@ sub scrubber { #{{{
href => $link,
src => $link,
action => $link,
+ cite => $link,
+ longdesc => $link,
poster => $link,
+ usemap => $link,
}],
);
return $_scrubber;
diff --git a/debian/changelog b/debian/changelog
index 35dd1b6f1..de58d2d7d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,8 +4,10 @@ ikiwiki (2.32.3) UNRELEASED; urgency=low
URIs like a limited version of data: URIs. In particular, some
versions of Internet Explorer interpret arbitrary HTML content in
about: URIs.
+ * Also filter the attributes cite, longdesc, and usemap, which can contain
+ URIs.
- -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:18:58 -0800
+ -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:59:00 -0800
ikiwiki (2.31.2) unstable; urgency=high