diff options
| author | Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/> | 2008-11-17 09:10:06 +0000 |
|---|---|---|
| committer | Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/> | 2008-12-11 21:14:02 +0000 |
| commit | 1bd1b03766704bbf2271e87cf4a68978827f31fb (patch) | |
| tree | 6093bbd135357900ed896fc875155f47a7985130 /IkiWiki | |
| parent | 660a4ef151bd3da5135c9baa5b782ca373546d16 (diff) | |
smcvpostcomment: remove HTML if not allowed
Diffstat (limited to 'IkiWiki')
| -rw-r--r-- | IkiWiki/Plugin/smcvpostcomment.pm | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/IkiWiki/Plugin/smcvpostcomment.pm b/IkiWiki/Plugin/smcvpostcomment.pm index 43b1d3e6f..07f008e5e 100644 --- a/IkiWiki/Plugin/smcvpostcomment.pm +++ b/IkiWiki/Plugin/smcvpostcomment.pm @@ -205,6 +205,12 @@ sub sessioncgi ($$) { #{{{ unless $config{prefix_directives}; } + unless ($allow_html) { + $body =~ s/&(\w|#)/&$1/g; + $body =~ s/</</g; + $body =~ s/>/>/g; + } + # In this template, the [[!meta]] directives should stay at the end, # so that they will override anything the user specifies. (For # instance, [[!meta author="I can fake the author"]]...) |