From 1bd1b03766704bbf2271e87cf4a68978827f31fb Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
Date: Mon, 17 Nov 2008 09:10:06 +0000
Subject: smcvpostcomment: remove HTML if not allowed

---
 IkiWiki/Plugin/smcvpostcomment.pm | 6 ++++++
 1 file changed, 6 insertions(+)


diff --git a/IkiWiki/Plugin/smcvpostcomment.pm b/IkiWiki/Plugin/smcvpostcomment.pm
index 43b1d3e6f..07f008e5e 100644
--- a/IkiWiki/Plugin/smcvpostcomment.pm
+++ b/IkiWiki/Plugin/smcvpostcomment.pm
@@ -205,6 +205,12 @@ sub sessioncgi ($$) { #{{{
 			unless $config{prefix_directives};
 	}
 
+	unless ($allow_html) {
+		$body =~ s/&(\w|#)/&amp;$1/g;
+		$body =~ s/</&lt;/g;
+		$body =~ s/>/&gt;/g;
+	}
+
 	# In this template, the [[!meta]] directives should stay at the end,
 	# so that they will override anything the user specifies. (For
 	# instance, [[!meta author="I can fake the author"]]...)
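Review bot: The escaping in the new `unless ($allow_html)` block covers `&`, `<` and `>` but not `"` or `'`, so it only holds if `$body` is never placed inside an HTML attribute. The hunk does not show where `$body` is emitted, so either confirm that or add `$body =~ s/"/&quot;/g;`. The substitutions also run on the comment source before the page format is rendered, so HTML produced by the markup itself (presumably Markdown links and the like) is not covered and still depends on the sanitizer applied to rendered output, htmlscrubber in a stock ikiwiki. A comment such as `# Escape raw HTML in the source only; rendered output must still pass the scrubber.` would make that boundary explicit, and `(\w|#)` reads better as the character class `([\w#])`. `sessioncgi` and the assignment of `$allow_html` lie outside the hunk.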
-- 
cgit v1.2.3