--- /dev/null
+#!/usr/bin/perl
+package IkiWiki::Plugin::embed;
+
+use warnings;
+use strict;
+use IkiWiki 2.00;
+
+my $attribr=qr/[^<>"]+/;
+
+# regexp matching known-safe html
+my $safehtml=qr{(
+ # google maps
+ <\s*iframe\s+width="\d+"\s+height="\d+"\s+frameborder="$attribr"\s+
+ scrolling="$attribr"\s+marginheight="\d+"\s+marginwidth="\d+"\s+
+ src="http://maps.google.com/\?$attribr"\s*>\s*</iframe>
+
+ |
+
+ # youtube
+ <\s*object\s+width="\d+"\s+height="\d+"\s*>\s*
+ <\s*param\s+name="movie"\s+value="http://www.youtube.com/v/$attribr"\s*>\s*
+ </param>\s*
+ <\s*param\s+name="wmode"\s+value="transparent"\s*>\s*</param>\s*
+ <embed\s+src="http://www.youtube.com/v/$attribr"\s+
+ type="application/x-shockwave-flash"\s+wmode="transparent"\s+
+ width="\d+"\s+height="\d+"\s*>\s*</embed>\s*</object>
+
+ |
+
+ # google video
+ <\s*embed\s+style="\s*width:\d+px;\s+height:\d+px;\s*"\s+id="$attribr"\s+
+ type="application/x-shockwave-flash"\s+
+ src="http://video.google.com/googleplayer.swf\?$attribr"\s+
+ flashvars=""\s*>\s*</embed>
+
+ |
+
+ # google calendar
+ <\s*iframe\s+src="http://www.google.com/calendar/embed\?src=$attribr"\s+
+ style="\s*border-width:\d+\s*"\s+width="\d+"\s+frameborder="\d+"\s*
+ height="\d+"\s*>\s*</iframe>
+)}sx;
+
+my @embedded;
+
+sub import { #{{{
+ hook(type => "filter", id => "embed", call => \&filter);
+} # }}}
+
+sub embed ($) { #{{{
+ hook(type => "format", id => "embed", call => \&format) unless @embedded;
+ push @embedded, shift;
+ return "<div class=\"embed$#embedded\"></div>";
+} #}}}
+
+sub filter (@) { #{{{
+ my %params=@_;
+ $params{content} =~ s/$safehtml/embed($1)/eg;
+ return $params{content};
+} # }}}
+
+sub format (@) { #{{{
+ my %params=@_;
+ $params{content} =~ s/<div class="embed(\d+)"><\/div>/$embedded[$1]/eg;
+ return $params{content};
+} # }}}
+
+1
* Call decode_form_utf8 before running formbuilder_setup hooks.
* Add editdiff plugin contributed by Jeremie Koenig.
* Fix it to not leak path info.
+ * Add embed plugin, which allows embedding content from google maps, video,
+ calendar, and youtube. Normally, the htmlsanitiser eats these since they
+ use unsafe tags, the embed plugin overrides it for trusted sites.
+ * The googlecalendar plugin is now deprecated, and will be removed
+ eventually. Please switch to using the embed plugin.
- -- Joey Hess <joeyh@debian.org> Wed, 22 Aug 2007 16:56:22 -0400
+ -- Joey Hess <joeyh@debian.org> Thu, 23 Aug 2007 14:08:46 -0400
ikiwiki (2.5) unstable; urgency=low
--- /dev/null
+[[template id=plugin name=embed author="[[Joey]]"]]
+[[tag type/html]]
+
+This plugin allows embedding content from external sites on
+wiki pages.
+
+Normally, the [[htmlscrubber]] does not allow the tags that are used for
+embedding content from external sites, since `<iframe>`, `<embed>`, and
+`<object>` tags can be used for various sorts of attacks. This plugin
+allows such tags to be put on a page, if they look like they are safe.
+
+In the examples below, the parts of the html that you can change are denoted
+with "XXX"; everything else must appear exactly as shown to be accepted by the
+plugin.
+
+## google maps
+
+Use html like this to embed a map:
+
+ <iframe width="XXX" height="XXX" frameborder="XXX" scrolling="XXXX" marginheight="XXXX" marginwidth="XXXX" src="http://maps.google.com/?XXX"></iframe>
+
+(This method only allows embeddeding a simple map. To use the full
+[Google Maps API](http://www.google.com/apis/maps/) from ikiwiki, including
+drawing points and GPS tracks on the map, try the [[contrib/googlemaps]]
+plugin.)
+
+## youtube
+
+Use html like this to embed a video:
+
+ <object width="XXX" height="XXX"><param name="movie" value="http://www.youtube.com/v/XXX"></param><param name="wmode" value="transparent"></param>
+ <embed src="http://www.youtube.com/v/XXX" type="application/x-shockwave-flash" wmode="transparent" width="XXX" height="XXX"></embed></object>
+
+## google video
+
+Use html like this to embed a video:
+
+ <embed style="width:XXXpx; height:XXXpx;" id="XXX" type="application/x-shockwave-flash" src="http://video.google.com/googleplayer.swf?XXX" flashvars=""></embed>
+
+## google calendar
+
+Use html like this to embed a calendar:
+
+ <iframe src="http://www.google.com/calendar/embed?XXX" style="border-width:XXX" width="XXX" frameborder="XXX" height="XXX"></iframe>
+
[[template id=plugin name=googlecalendar author="[[Joey]]"]]
[[tag type/special-purpose]]
+*Note*: This plugin is deprecated. Please switch to the [[embed]] plugin.
+
This plugin allows embedding a google calendar iframe in the wiki.
Normally, if the [[htmlscrubber]] is enabled, such iframes are scrubbed out
of the wiki content since they're not very safe if created by malicious
projects / ikiwiki.git / commitdiff