summaryrefslogtreecommitdiff
path: root/IkiWiki
diff options
context:
space:
mode:
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-09-09 07:11:51 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-09-09 07:11:51 +0000
commitaa2b3b8f637d0f3abe2ebf3845a22781ffd83c72 (patch)
tree30e3be4575cf8eed591a914f037542690547c433 /IkiWiki
parent1431e29934f00e690f4ac404a83f9caaeb7b3f69 (diff)
* Add a googlecalendar plugin. A bit special-purpose, but it shows
one way to to deal with user-supplied content that could cause XSS issues w/o the htmlscrubber, and won't survive the scrubber.
Diffstat (limited to 'IkiWiki')
-rw-r--r--IkiWiki/Plugin/googlecalendar.pm46
1 files changed, 46 insertions, 0 deletions
diff --git a/IkiWiki/Plugin/googlecalendar.pm b/IkiWiki/Plugin/googlecalendar.pm
new file mode 100644
index 000000000..c99563d95
--- /dev/null
+++ b/IkiWiki/Plugin/googlecalendar.pm
@@ -0,0 +1,46 @@
+#!/usr/bin/perl
+package IkiWiki::Plugin::googlecalendar;
+
+use warnings;
+use strict;
+use IkiWiki;
+use IPC::Open2;
+
+sub import { #{{{
+ IkiWiki::hook(type => "preprocess", id => "googlecalendar",
+ call => \&preprocess);
+ IkiWiki::hook(type => "format", id => "googlecalendar",
+ call => \&format);
+} # }}}
+
+sub preprocess (@) { #{{{
+ my %params=@_;
+
+ # Parse the html, looking for the url to embed for the calendar.
+ # Avoid XSS attacks..
+ my ($url)=$params{html}=~m#iframe\s+src="http://www\.google\.com/calendar/embed\?([^"<>]+)"#;
+ if (! defined $url || ! length $url) {
+ return "[[googlecalendar failed to find url in html]]";
+ }
+ my ($height)=$params{html}=~m#height="(\d+)"#;
+ my ($width)=$params{html}=~m#width="(\d+)"#;
+
+ return "<div class=\"googlecalendar\" src=\"$url\" height=\"$height\" width=\"$width\"></div>";
+} # }}}
+
+sub format (@) { #{{{
+ my %params=@_;
+
+ $params{content}=~s/<div class=\"googlecalendar" src="([^"]+)" height="([^"]+)" width="([^"]+)"><\/div>/gencal($1,$2,$3)/eg;
+
+ return $params{content};
+} # }}}
+
+sub gencal ($$$) { #{{{
+ my $url=shift;
+ my $height=shift;
+ my $width=shift;
+ return qq{<iframe src="http://www.google.com/calendar/embed?$url" style=" border-width:0 " width="$width" frameborder="0" height="$height"></iframe>};
+} #}}}
+
+1