Also filter the attributes cite, longdesc, and usemap, which can contain URIs
authorJosh Triplett <josh@freedesktop.org>
Sun, 10 Feb 2008 21:59:37 +0000 (13:59 -0800)
committerJosh Triplett <josh@freedesktop.org>
Sun, 10 Feb 2008 21:59:37 +0000 (13:59 -0800)
IkiWiki/Plugin/htmlscrubber.pm
debian/changelog

index 897a398bae7cfe1d87b1b1b618857a407afa10f7..8136bdadce567c6ae21432755d73b4d0b9a01a73 100644 (file)
@@ -58,15 +58,15 @@ sub scrubber { #{{{
                        map { $_ => 1 } qw{
                                abbr accept accept-charset accesskey
                                align alt axis border cellpadding cellspacing
-                               char charoff charset checked cite class
+                               char charoff charset checked class
                                clear cols colspan color compact coords
                                datetime dir disabled enctype for frame
                                headers height hreflang hspace id ismap
-                               label lang longdesc maxlength media method
+                               label lang maxlength media method
                                multiple name nohref noshade nowrap prompt
                                readonly rel rev rows rowspan rules scope
                                selected shape size span start summary
-                               tabindex target title type usemap valign
+                               tabindex target title type valign
                                value vspace width
                                autoplay loopstart loopend end
                                playcount controls 
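Review bot: Nothing on the `map { $_ => 1 } qw{` list explains that every name in it is accepted with an arbitrary value, which appears to be how the URI-bearing `cite`, `longdesc` and `usemap` came to sit there unchecked. I would add a comment directly above that line, for example `# Attributes listed here pass through with any value; anything that can hold a URI must go in the $link-checked entries below instead.` The end of the list and the rest of `scrubber` lie outside this hunk, so any entries not visible here should be checked against the same rule.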
@@ -75,7 +75,10 @@ sub scrubber { #{{{
                        href => $link,
                        src => $link,
                        action => $link,
+                       cite => $link,
+                       longdesc => $link,
                        poster => $link,
+                       usemap => $link,
                }],
        );
        return $_scrubber;
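Review bot: The new `usemap => $link` entry is checked against a pattern whose definition is outside this hunk, and `usemap` normally holds a fragment-only reference of the form `#mapname`. If `$link` does not accept a value with no scheme or path, every client-side image map would lose the attribute silently. The same unseen definition decides whether the match is anchored at the start of the value, which is what makes the `cite` and `longdesc` entries effective. It would be worth confirming both and adding regression cases for the three attributes: a relative or fragment value survives, and a value with a scheme outside the allowed set is dropped.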
index 36da7c0bf8333d40f1609c0423326fdca6ab8e10..1b4b70d8c74749cad9d06b67988b76ba9d47f145 100644 (file)
@@ -15,8 +15,10 @@ ikiwiki (2.31.3) unstable; urgency=high
     URIs like a limited version of data: URIs.  In particular, some
     versions of Internet Explorer interpret arbitrary HTML content in
     about: URIs.
+  * Also filter the attributes cite, longdesc, and usemap, which can contain
+    URIs.
 
- -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:18:58 -0800
+ -- Josh Triplett <josh@freedesktop.org>  Sun, 10 Feb 2008 13:59:00 -0800
 
 ikiwiki (2.31.2) unstable; urgency=high