summaryrefslogtreecommitdiffstats
path: root/roles/wiki/templates/htmlscrubber.pm
blob: caf78a1c0b58c95272ca6dbaf507384db0737873 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#!/usr/bin/perl
# {{ ansible_managed }}

package IkiWiki::Plugin::htmlscrubber;

use warnings;
use strict;
use IkiWiki 3.00;

# This regexp matches urls that are in a known safe scheme.
# Feel free to use it from other plugins.
our $safe_url_regexp;

sub import {
	hook(type => "getsetup", id => "htmlscrubber", call => \&getsetup);
	hook(type => "sanitize", id => "htmlscrubber", call => \&sanitize);

	# Only known uri schemes are allowed to avoid all the ways of
	# embedding javascrpt.
	# List at http://en.wikipedia.org/wiki/URI_scheme
	my $uri_schemes=join("|", map quotemeta,
		# IANA registered schemes
		"http", "https", "ftp", "mailto", "file", "telnet", "gopher",
		"aaa", "aaas", "acap", 	"cap", "cid", "crid", 
		"dav", "dict", "dns", "fax", "go", "h323", "im", "imap",
		"ldap", "mid", "news", "nfs", "nntp", "pop", "pres",
		"sip", "sips", "snmp", "tel", "urn", "wais", "xmpp",
		"z39.50r", "z39.50s",
		# Selected unofficial schemes
		"aim", "callto", "cvs", "ed2k", "feed", "fish", "gg",
		"irc", "ircs", "lastfm", "ldaps", "magnet", "mms",
		"msnim", "notes", "rsync", "secondlife", "skype", "ssh",
		"sftp", "smb", "sms", "snews", "webcal", "ymsgr",
		"bitcoin", "git", "svn", "bzr", "darcs", "hg"
	);
	# data is a special case. Allow a few data:image/ types,
	# but disallow data:text/javascript and everything else.
	$safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/(?:png|jpeg|gif)|[^:]+(?:$|[\/\?#]))|^#/i;
}

sub getsetup () {
	return
		plugin => {
			safe => 1,
			rebuild => undef,
			section => "core",
		},
		htmlscrubber_skip => {
			type => "pagespec",
			example => "!*/Discussion",
			description => "PageSpec specifying pages not to scrub",
			link => "ikiwiki/PageSpec",
			safe => 1,
			rebuild => undef,
		},
}

sub sanitize (@) {
	my %params=@_;

	if (exists $config{htmlscrubber_skip} &&
	    length $config{htmlscrubber_skip} &&
	    exists $params{page} &&
	    pagespec_match($params{page}, $config{htmlscrubber_skip})) {
		return $params{content};
	}

	return scrubber()->scrub($params{content});
}

my $_scrubber;
sub scrubber {
	return $_scrubber if defined $_scrubber;

	eval q{use HTML::Scrubber};
	error($@) if $@;
	# Lists based on http://feedparser.org/docs/html-sanitization.html
	# With html5 tags added.
	$_scrubber = HTML::Scrubber->new(
      allow => [qw{
          svg rect text g title
			a abbr acronym address area b big blockquote br br/
			button caption center cite code col colgroup dd del
			dfn dir div dl dt em fieldset font form h1 h2 h3 h4
			h5 h6 hr hr/ i img input ins kbd label legend li map
			track
			menu ol optgroup option p p/ pre q s samp select small
			span strike strong sub sup table tbody td textarea
			tfoot th thead tr tt u ul var
			video audio source section nav article aside hgroup
			header footer figure figcaption time mark canvas
			datalist progress meter ruby rt rp details summary
		}],
		default => [undef, { (
                             map { $_ => 1 } qw{
                                 version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform opacity
          data-start data-end data-video data-target data-tracks data-track 
              kind label srclang default
				abbr accept accept-charset accesskey
				align alt axis border cellpadding cellspacing
				char charoff charset checked class
				clear cols colspan color compact coords
				datetime dir disabled enctype for frame
				headers height hreflang hspace id ismap
				kind srclang src default
				label lang maxlength media method
				multiple name nohref noshade nowrap prompt
				readonly rel rev rows rowspan rules scope
				selected shape size span start summary
				tabindex target title type valign
				value vspace width
				autofocus autoplay preload loopstart
				loopend end playcount controls pubdate
				loop muted
				placeholder min max step low high optimum
				form required autocomplete novalidate pattern
				list formenctype formmethod formnovalidate
				formtarget reversed spellcheck open hidden
			} ),
			"/" => 1, # emit proper <hr /> XHTML
			href => $safe_url_regexp,
			src => $safe_url_regexp,
			action => $safe_url_regexp,
			formaction => $safe_url_regexp,
			cite => $safe_url_regexp,
			longdesc => $safe_url_regexp,
			poster => $safe_url_regexp,
			usemap => $safe_url_regexp
		}],
	);
	return $_scrubber;
}

1