path: root/IkiWiki/Plugin/htmlscrubber.pm
Age | Commit message | Author
2008-02-10 | use quotemeta when building the regexp | Joey Hess
2008-02-10 | Allow the smb: URI scheme. | Josh Triplett
2008-02-10 | Allow the snews: URI scheme. | Josh Triplett
2008-02-10 | Do not allow the steam: URI scheme. | Josh Triplett
2008-02-10 | Match literal '.' in URI schemas containing '.', rather than matching any character | Josh Triplett
2008-02-10 | export $safe_url_regexp | Joey Hess
2008-02-10 | Also filter the attributes cite, longdesc, and usemap, which can contain URIs | Josh Triplett
2008-02-10 | add parens around scheme regexp | Joey Hess
2008-02-10 | Do not allow the about: URI scheme | Josh Triplett
Some browsers interpret about: URIs like a limited version of data: URIs. In particular, some versions of Internet Explorer interpret arbitrary HTML content in about: URIs.
2008-02-10 | fix data:image handling | Joey Hess
2008-02-10 | * htmlscrubber security fix: Block javascript in uris. | Joey Hess
* Add htmlscrubber test suite.
2008-01-07 | * htmlscrubber: Further work around #365971 by adding tags for 'br/', 'hr/' and 'p/'. | Joey Hess
2007-11-18 | * Allow html5 video and audio tags and their attributes in the htmlscrubber. | Joey Hess
2007-07-11 | on second thought, simple alphanumeric styles are not actually useful (class is already supported), and anything more complex is too hard to do, so revert | joey
2007-07-11 | * Allow simple alphanumeric style attribute values in the htmlscrubber. This should be safe from javascript attacks. | joey
2007-04-27 | * pagespec_match() has changed to take named parameters, to better allow for extended pagespecs. The old calling convention will still work for back-compat for now. | joey
* The calling convention for functions in the IkiWiki::PageSpec namespace has changed so they are passed named parameters.
* Plugin interface version increased to 2.00 since I don't anticipate any more interface changes before 2.0.
2006-11-08 | * Make sure to check for errors from every eval. | joey
2006-09-09 | * Work on firming up the plugin interface: | joey
  - Plugins should not need to load IkiWiki::Render to get commonly used functions, so moved some functions from there to IkiWiki.
  - Picked out the set of functions and variables that most plugins use, documented them, and made IkiWiki export them by default, like a proper perl module should.
  - Use the other functions at your own risk.
  - This is not quite complete, I still have to decide whether to export some other things.
* Changed all plugins included in ikiwiki to not use "IkiWiki::" when referring to stuff now exported by the IkiWiki module.
* Anyone with a third-party ikiwiki plugin is strongly encouraged to make like changes to it and avoid use of non-exported symbols from "IkiWiki::".
* Link debian/changelog and debian/news to NEWS and CHANGELOG.
* Support hyperestradier version 1.4.2, which adds a new required phraseform setting.
2006-08-28 | * Change htmlize, format, and sanitize hooks to use named parameters. | joey
2006-05-25 | * Tell HTML::Scrubber to treat "/" as a valid attribute which is its very strange way of enabling proper XHTML <br /> type tags. Output html should be always valid again now. | joey
2006-05-05 | * Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubber and --disable-plugin htmlscrubber. | joey