diff options
author | Josh Triplett <josh@freedesktop.org> | 2008-02-10 13:59:37 -0800 |
---|---|---|
committer | Josh Triplett <josh@freedesktop.org> | 2008-02-10 13:59:37 -0800 |
commit | d20e24b636c512fb47b2ca42a0677a3bab4d3fcb (patch) | |
tree | 4eab0006e0da03777418d0ae07541424700a218f | |
parent | 34115a34e0593e999b7a279e07293b090012082a (diff) |
Also filter the attributes cite, longdesc, and usemap, which can contain URIs
-rw-r--r-- | IkiWiki/Plugin/htmlscrubber.pm | 9 | ||||
-rw-r--r-- | debian/changelog | 4 |
2 files changed, 9 insertions, 4 deletions
diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm index 897a398ba..8136bdadc 100644 --- a/IkiWiki/Plugin/htmlscrubber.pm +++ b/IkiWiki/Plugin/htmlscrubber.pm @@ -58,15 +58,15 @@ sub scrubber { #{{{ map { $_ => 1 } qw{ abbr accept accept-charset accesskey align alt axis border cellpadding cellspacing - char charoff charset checked cite class + char charoff charset checked class clear cols colspan color compact coords datetime dir disabled enctype for frame headers height hreflang hspace id ismap - label lang longdesc maxlength media method + label lang maxlength media method multiple name nohref noshade nowrap prompt readonly rel rev rows rowspan rules scope selected shape size span start summary - tabindex target title type usemap valign + tabindex target title type valign value vspace width autoplay loopstart loopend end playcount controls @@ -75,7 +75,10 @@ sub scrubber { #{{{ href => $link, src => $link, action => $link, + cite => $link, + longdesc => $link, poster => $link, + usemap => $link, }], ); return $_scrubber; diff --git a/debian/changelog b/debian/changelog index 36da7c0bf..1b4b70d8c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -15,8 +15,10 @@ ikiwiki (2.31.3) unstable; urgency=high URIs like a limited version of data: URIs. In particular, some versions of Internet Explorer interpret arbitrary HTML content in about: URIs. + * Also filter the attributes cite, longdesc, and usemap, which can contain + URIs. - -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:18:58 -0800 + -- Josh Triplett <josh@freedesktop.org> Sun, 10 Feb 2008 13:59:00 -0800 ikiwiki (2.31.2) unstable; urgency=high |