add rest of html5 form attributes

It's easy to imagine pattern being used to freeze or crash browsers, if
they implement it stupidly. Let's hope not..

3 files changed, 6 insertions, 2 deletions

diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm
index 0090b67b9..7517c82c6 100644
--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -103,7 +103,7 @@ sub scrubber {
 
 				autofocus autoplay preload loopstart
 				loopend end playcount controls pubdate
-				placeholder min max step
+				placeholder min max step form required
 			} ),
 			"/" => 1, # emit proper <hr /> XHTML
 			href => $safe_url_regexp,
diff --git a/debian/changelog b/debian/changelog
index 108764c39..cdc79ae78 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,7 +11,7 @@ ikiwiki (3.20100428) UNRELEASED; urgency=low
   * htmlscrubber: Round out html5 video support with the preload
     attribute and the source tag.
   * htmlscrubber: Allow the html5 form attributes: placeholder autofocus,
-    min, max, step.
+    min, max, step, required, autocomplete, novalidate, pattern, and form.
 
  -- Joey Hess <joeyh@debian.org>  Tue, 27 Apr 2010 12:10:51 -0400
 
diff --git a/doc/bugs/html5_support.mdwn b/doc/bugs/html5_support.mdwn
index 9c077a2d3..7d9dc9f79 100644
--- a/doc/bugs/html5_support.mdwn
+++ b/doc/bugs/html5_support.mdwn
@@ -79,6 +79,10 @@ HTML5](http://www.w3.org/TR/html5-diff/).
 > can contain urls or other javascript injection mechanisms), and I can add
 > them. (Added several now.) Others, like `embed` are *scary*. --[[Joey]]
 
+> I have not added the new `ping` attribute, because parsing a
+> space-separeated list of urls to avoid javascript injection is annoying, 
+> and the attribute seems generally dubious. --[[Joey]] 
+
 # HTML5 Validation and t/html.t
 
 [validator.nu](http://validator.nu/) is the authorative HTML5 validator,