summaryrefslogtreecommitdiff
path: root/IkiWiki/Plugin/comments.pm
AgeCommit message (Collapse)Author
2008-12-11comments: Use HTML entities to escape directivesSimon McVittie
2008-12-11Embed comments into comments_embed.tmpl rather than concatenating in perlSimon McVittie
2008-12-11comments: use CGI module's checksessionexpirySimon McVittie
2008-12-11comments: remove allowhtml option, just switch it on all the timeSimon McVittie
Now that posts are individually sanitized, that should be safe.
2008-12-11comments: load inline and mdwn lazilySimon McVittie
2008-12-11comments: don't rely on mdwn getting loaded firstSimon McVittie
2008-12-11comments: sanitize the body of each comment before posting itSimon McVittie
This should ensure that users can't "break out" from the enclosing <div>, making it impossible to forge comments (assuming htmlscrubber is enabled, and so is either htmlbalance or htmltidy).
2008-12-11Fix typo that led to comments being blankedSimon McVittie
2008-12-11postcomment: Rename plugin to comments, use *._comment filesSimon McVittie
The PageSpec is still called "postcomment" since that's what it means.