From aa2b3b8f637d0f3abe2ebf3845a22781ffd83c72 Mon Sep 17 00:00:00 2001
From: joey
Date: Sat, 9 Sep 2006 07:11:51 +0000
Subject: [PATCH] * Add a googlecalendar plugin. A bit special-purpose, but it shows one way to to deal with user-supplied content that could cause XSS issues w/o the htmlscrubber, and won't survive the scrubber.
---
 IkiWiki/Plugin/googlecalendar.pm | 46 +++++++++++++++++++++++++++
 debian/changelog | 8 +++++
 doc/plugins/type/special-purpose.mdwn | 1 +
 3 files changed, 55 insertions(+)
 create mode 100644 IkiWiki/Plugin/googlecalendar.pm
 create mode 100644 doc/plugins/type/special-purpose.mdwn
diff --git a/IkiWiki/Plugin/googlecalendar.pm b/IkiWiki/Plugin/googlecalendar.pm
new file mode 100644
index 000000000..c99563d95
--- /dev/null
+++ b/IkiWiki/Plugin/googlecalendar.pm
@@ -0,0 +1,46 @@
+#!/usr/bin/perl
+package IkiWiki::Plugin::googlecalendar;
+
+use warnings;
+use strict;
+use IkiWiki;
+use IPC::Open2;
+
+sub import { #{{{
+ IkiWiki::hook(type => "preprocess", id => "googlecalendar",
+ call => \&preprocess);
+ IkiWiki::hook(type => "format", id => "googlecalendar",
+ call => \&format);
+} # }}}
+
+sub preprocess (@) { #{{{
+ my %params=@_;
+
+ # Parse the html, looking for the url to embed for the calendar.
+ # Avoid XSS attacks..
+ my ($url)=$params{html}=~m#iframe\s+src="http://www\.google\.com/calendar/embed\?([^"<>]+)"#;
+ if (! defined $url || ! length $url) {
+ return "[[googlecalendar failed to find url in html]]";
+ }
+ my ($height)=$params{html}=~m#height="(\d+)"#;
+ my ($width)=$params{html}=~m#width="(\d+)"#;
+
+ return "
";
+} # }}}
+
+sub format (@) { #{{{
+ my %params=@_;
+
+ $params{content}=~s/
<\/div>/gencal($1,$2,$3)/eg;
+
+ return $params{content};
+} # }}}
+
+sub gencal ($$$) { #{{{
+ my $url=shift;
+ my $height=shift;
+ my $width=shift;
+ return qq{};
+} #}}}
+
+1
diff --git a/debian/changelog b/debian/changelog
index 7be9e9bc3..5f9190e68 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ikiwiki (1.27) UNRELEASED; urgency=low
+
+ * Add a googlecalendar plugin. A bit special-purpose, but it shows
+ one way to to deal with user-supplied content that could cause XSS
+ issues w/o the htmlscrubber, and won't survive the scrubber.
+
+ -- Joey Hess Sat, 9 Sep 2006 03:00:45 -0400
+
 ikiwiki (1.26) unstable; urgency=low
 * Add a missing -n to tla undo call.
diff --git a/doc/plugins/type/special-purpose.mdwn b/doc/plugins/type/special-purpose.mdwn
new file mode 100644
index 000000000..b6ed04531
--- /dev/null
+++ b/doc/plugins/type/special-purpose.mdwn
@@ -0,0 +1 @@
+Special-purpose plugins.
--
2.26.2
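Review bot: In IkiWiki/Plugin/googlecalendar.pm, `format` rewrites every matching placeholder found in `$params{content}` and passes `$1,$2,$3` straight to `gencal`, which does no checking of its own, so the filtering done in `preprocess` (digits-only height and width, no `"`, `<` or `>` in the url) holds only if nothing else can put such a placeholder into the page. The placeholder pattern and the `qq{}` body are not legible on this page, so it is unclear how much the capture groups admit; re-checking at the point of output would make the guarantee local, e.g. `return "" unless $height =~ /\A\d+\z/ && $width =~ /\A\d+\z/ && $url !~ /["<>]/;` at the top of `gencal`. Separately, `preprocess` tests `$url` for definedness but not `$height` or `$width`, so input lacking those attributes reaches the final `return` with undefined values; a guard such as `return "[[googlecalendar failed to find height/width in html]]" unless defined $height && defined $width;` or explicit defaults would cover that. `use IPC::Open2;` appears to be unused in this file and could be dropped.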