From 1bd1b03766704bbf2271e87cf4a68978827f31fb Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
Date: Mon, 17 Nov 2008 09:10:06 +0000
Subject: smcvpostcomment: remove HTML if not allowed

---
 IkiWiki/Plugin/smcvpostcomment.pm | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'IkiWiki')

diff --git a/IkiWiki/Plugin/smcvpostcomment.pm b/IkiWiki/Plugin/smcvpostcomment.pm
index 43b1d3e6f..07f008e5e 100644
--- a/IkiWiki/Plugin/smcvpostcomment.pm
+++ b/IkiWiki/Plugin/smcvpostcomment.pm
@@ -205,6 +205,12 @@ sub sessioncgi ($$) { #{{{
 			unless $config{prefix_directives};
 	}
 
+	unless ($allow_html) {
+		$body =~ s/&(\w|#)/&amp;$1/g;
+		$body =~ s/</&lt;/g;
+		$body =~ s/>/&gt;/g;
+	}
+
 	# In this template, the [[!meta]] directives should stay at the end,
 	# so that they will override anything the user specifies. (For
 	# instance, [[!meta author="I can fake the author"]]...)
-- 
cgit v1.2.3