From 31accc9474dd5820dc0b0bce4a29802986f3a98a Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 10 Feb 2008 18:31:18 -0500 Subject: [PATCH] Also filter the attributes cite, longdesc, and usemap, which can contain URIs --- IkiWiki/Plugin/htmlscrubber.pm | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm index a8a37eafa..067d766f7 100644 --- a/IkiWiki/Plugin/htmlscrubber.pm +++ b/IkiWiki/Plugin/htmlscrubber.pm @@ -59,21 +59,24 @@ sub scrubber { #{{{ default => [undef, { ( map { $_ => 1 } qw{ abbr accept accept-charset accesskey align alt axis border cellpadding cellspacing - char charoff charset checked cite class + char charoff charset checked class clear cols colspan color compact coords datetime dir disabled enctype for frame headers height hreflang hspace id ismap - label lang longdesc maxlength media method + label lang maxlength media method multiple name nohref noshade nowrap prompt readonly rel rev rows rowspan rules scope selected shape size span start summary - tabindex target title type usemap valign + tabindex target title type valign value vspace width } ), "/" => 1, # emit proper
XHTML href => $safe_url_regexp, src => $safe_url_regexp, action => $safe_url_regexp, + cite => $safe_url_regexp, + longdesc => $safe_url_regexp, + usemap => $safe_url_regexp, }], ); return $_scrubber; -- 2.26.2