summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJosh Triplett <josh@freedesktop.org>2008-02-10 13:59:37 -0800
committerJosh Triplett <josh@freedesktop.org>2008-02-10 13:59:37 -0800
commitd20e24b636c512fb47b2ca42a0677a3bab4d3fcb (patch)
tree4eab0006e0da03777418d0ae07541424700a218f
parent34115a34e0593e999b7a279e07293b090012082a (diff)
Also filter the attributes cite, longdesc, and usemap, which can contain URIs
-rw-r--r--IkiWiki/Plugin/htmlscrubber.pm9
-rw-r--r--debian/changelog4
2 files changed, 9 insertions, 4 deletions
diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm
index 897a398ba..8136bdadc 100644
--- a/IkiWiki/Plugin/htmlscrubber.pm
+++ b/IkiWiki/Plugin/htmlscrubber.pm
@@ -58,15 +58,15 @@ sub scrubber { #{{{
map { $_ => 1 } qw{
abbr accept accept-charset accesskey
align alt axis border cellpadding cellspacing
- char charoff charset checked cite class
+ char charoff charset checked class
clear cols colspan color compact coords
datetime dir disabled enctype for frame
headers height hreflang hspace id ismap
- label lang longdesc maxlength media method
+ label lang maxlength media method
multiple name nohref noshade nowrap prompt
readonly rel rev rows rowspan rules scope
selected shape size span start summary
- tabindex target title type usemap valign
+ tabindex target title type valign
value vspace width
autoplay loopstart loopend end
playcount controls
@@ -75,7 +75,10 @@ sub scrubber { #{{{
href => $link,
src => $link,
action => $link,
+ cite => $link,
+ longdesc => $link,
poster => $link,
+ usemap => $link,
}],
);
return $_scrubber;
diff --git a/debian/changelog b/debian/changelog
index 36da7c0bf..1b4b70d8c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,8 +15,10 @@ ikiwiki (2.31.3) unstable; urgency=high
URIs like a limited version of data: URIs. In particular, some
versions of Internet Explorer interpret arbitrary HTML content in
about: URIs.
+ * Also filter the attributes cite, longdesc, and usemap, which can contain
+ URIs.
- -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:18:58 -0800
+ -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:59:00 -0800
ikiwiki (2.31.2) unstable; urgency=high