* Add a googlecalendar plugin. A bit special-purpose, but it shows

  one way to to deal with user-supplied content that could cause XSS
  issues w/o the htmlscrubber, and won't survive the scrubber.

1 files changed, 46 insertions, 0 deletions

diff --git a/IkiWiki/Plugin/googlecalendar.pm b/IkiWiki/Plugin/googlecalendar.pm
new file mode 100644
index 000000000..c99563d95
--- /dev/null
+++ b/IkiWiki/Plugin/googlecalendar.pm
@@ -0,0 +1,46 @@
+#!/usr/bin/perl
+package IkiWiki::Plugin::googlecalendar;
+
+use warnings;
+use strict;
+use IkiWiki;
+use IPC::Open2;
+
+sub import { #{{{
+	IkiWiki::hook(type => "preprocess", id => "googlecalendar",
+		call => \&preprocess);
+	IkiWiki::hook(type => "format", id => "googlecalendar",
+		call => \&format);
+} # }}}
+
+sub preprocess (@) { #{{{
+	my %params=@_;
+
+	# Parse the html, looking for the url to embed for the calendar.
+	# Avoid XSS attacks..
+	my ($url)=$params{html}=~m#iframe\s+src="http://www\.google\.com/calendar/embed\?([^"<>]+)"#;
+	if (! defined $url || ! length $url) {
+		return "[[googlecalendar failed to find url in html]]";
+	}
+	my ($height)=$params{html}=~m#height="(\d+)"#;
+	my ($width)=$params{html}=~m#width="(\d+)"#;
+
+	return "<div class=\"googlecalendar\" src=\"$url\" height=\"$height\" width=\"$width\"></div>";
+} # }}}
+
+sub format (@) { #{{{
+        my %params=@_;
+
+	$params{content}=~s/<div class=\"googlecalendar" src="([^"]+)" height="([^"]+)" width="([^"]+)"><\/div>/gencal($1,$2,$3)/eg;
+
+        return $params{content};
+} # }}}
+
+sub gencal ($$$) { #{{{
+	my $url=shift;
+	my $height=shift;
+	my $width=shift;
+	return qq{<iframe src="http://www.google.com/calendar/embed?$url" style=" border-width:0 " width="$width" frameborder="0" height="$height"></iframe>};
+} #}}}
+
+1