From: Joey Hess <joey@kodama.kitenet.net>
Date: Sun, 10 Feb 2008 23:26:46 +0000 (-0500)
Subject: export $safe_url_regexp
X-Git-Tag: 1.33.5~12
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=e2ff9f4b706164119894d89da67e32b097b9b506;p=ikiwiki.git

export $safe_url_regexp
---

diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm
index c83ffb48d..f28f0816f 100644
--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -5,19 +5,13 @@ use warnings;
 use strict;
 use IkiWiki;
 
+# This regexp matches urls that are in a known safe scheme.
+# Feel free to use it from other plugins.
+our $safe_url_regexp;
+
 sub import { #{{{
 	hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);
-} # }}}
-
-sub sanitize (@) { #{{{
-	my %params=@_;
-	return scrubber()->scrub($params{content});
-} # }}}
 
-my $_scrubber;
-sub scrubber { #{{{
-	return $_scrubber if defined $_scrubber;
-	
 	# Only known uri schemes are allowed to avoid all the ways of
 	# embedding javascrpt.
 	# List at http://en.wikipedia.org/wiki/URI_scheme
@@ -37,7 +31,17 @@ sub scrubber { #{{{
 	);
 	# data is a special case. Allow data:image/*, but
 	# disallow data:text/javascript and everything else.
-	my $link=qr/^(?:$uri_schemes:|data:image\/|[^:]+$)/i;
+	$safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+$)/i;
+} # }}}
+
+sub sanitize (@) { #{{{
+	my %params=@_;
+	return scrubber()->scrub($params{content});
+} # }}}
+
+my $_scrubber;
+sub scrubber { #{{{
+	return $_scrubber if defined $_scrubber;
 
 	eval q{use HTML::Scrubber};
 	error($@) if $@;
@@ -67,9 +71,9 @@ sub scrubber { #{{{
 			value vspace width
 		} ),
 		"/" => 1, # emit proper <hr /> XHTML
-		href => $link,
-		src => $link,
-		action => $link,
+		href => $safe_url_regexp,
+		src => $safe_url_regexp,
+		action => $safe_url_regexp,
 		}],
 	);
 	return $_scrubber;