diff options
| author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-05-05 05:41:11 +0000 |
|---|---|---|
| committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-05-05 05:41:11 +0000 |
| commit | 6652de5e1abcaac3ee2f4bf17e5a4b847fcadb0d (patch) | |
| tree | 29c76e12b318309401a3274e13891210f275bf83 /doc/plugins | |
| parent | 157df8591f03ade7504ad732446f125ae8609b05 (diff) | |
* Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber
and --disable-plugin htmlscrubber.
Diffstat (limited to 'doc/plugins')
| -rw-r--r-- | doc/plugins/htmlscrubber.mdwn | 30 | ||||
| -rw-r--r-- | doc/plugins/write.mdwn | 13 |
2 files changed, 41 insertions, 2 deletions
diff --git a/doc/plugins/htmlscrubber.mdwn b/doc/plugins/htmlscrubber.mdwn new file mode 100644 index 000000000..cf0d8e02a --- /dev/null +++ b/doc/plugins/htmlscrubber.mdwn @@ -0,0 +1,30 @@ +This plugin is enabled by default. It sanitizes the html on pages it renders +to avoid XSS attacks and the like. + +It excludes all html tags and attributes except for those that are +whitelisted using the same lists as used by Mark Pilgrim's Universal Feed +Parser, documented at <http://feedparser.org/docs/html-sanitization.html>. +Notably it strips `style`, `link`, and the `style` attribute. + +It uses the HTML::Scrubber perl module to perform its html +sanitisation, and this perl module also deals with various entity encoding +tricks. + +While I believe that this makes ikiwiki as resistant to malicious html +content as anything else on the web, I cannot guarantee that it will +actually protect every user of every browser from every browser security +hole, badly designed feature, etc. I can provide NO WARRANTY, like it says +in ikiwiki's [GPL](GPL) license. + +The web's security model is *fundamentally broken*; ikiwiki's html +sanitisation is only a patch on the underlying gaping hole that is your web +browser. + +---- + +Some examples of embedded javascript that won't be let through when this +plugin is active: + +* <span style="background: url(javascript:window.location='http://example.org/')">test</span> +* <span style="any: expression(window.location='http://example.org/')">test</span> +* <span style="any: expression(window.location='http://example.org/')">test</span> diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn index ae2f8b904..6c013cd4a 100644 --- a/doc/plugins/write.mdwn +++ b/doc/plugins/write.mdwn @@ -49,7 +49,7 @@ return the error message as the output of the plugin. ### Html issues -Note that if [[HTMLSanitization]] is enabled, html in +Note that if the [[htmlscrubber]] is enabled, html in [[PreProcessorDirective]] output is sanitised, which may limit what your plugin can do. Also, the rest of the page content is not in html format at preprocessor time. Text output by a preprocessor directive will be passed @@ -75,7 +75,16 @@ IkiWiki::error if something isn't configured right. Runs on the raw source of a page, before anything else touches it, and can make arbitrary changes. The function is passed named parameters `page` and -`content` should return the filtered content. +`content` and should return the filtered content. + +### sanitize + + IkiWiki::hook(type => "filter", id => "foo", call => \&sanitize); + +Use this to implement html sanitization or anything else that needs to +modify the content of a page after it has been fully converted to html. +The function is passed the page content and should return the sanitized +content. ### delete |