[Rt-commit] [svn] r1123 - in rt/branches/rt-3.1: . html/Elements
jesse at pallas.eruditorum.org
jesse at pallas.eruditorum.org
Mon Jun 21 00:36:41 EDT 2004
Author: jesse
Date: Mon Jun 21 00:36:40 2004
New Revision: 1123
Modified:
rt/branches/rt-3.1/ (props changed)
rt/branches/rt-3.1/html/Elements/ScrubHTML
Log:
----------------------------------------------------------------------
r1946 at tinbook: jesse | 2004-06-21T04:35:49.516410Z
Be more conservative about what href tags we display in scrubbed html
----------------------------------------------------------------------
Modified: rt/branches/rt-3.1/html/Elements/ScrubHTML
==============================================================================
--- rt/branches/rt-3.1/html/Elements/ScrubHTML (original)
+++ rt/branches/rt-3.1/html/Elements/ScrubHTML Mon Jun 21 00:36:40 2004
@@ -1,13 +1,25 @@
<%init>
my $scrubber = HTML::Scrubber->new();
-$scrubber->default( 0,
- { '*' => 0, id => 1, class => 1, href => 1, face => 1, size => 1, target => 1 } );
+$scrubber->default(
+ 0,
+ {
+ '*' => 0,
+ id => 1,
+ class => 1,
+ href => qr{^(?:http:|ftp:|https:|/)}i,
+ # Match http, ftp and relative urls
+ face => 1,
+ size => 1,
+ target => 1
+ }
+);
$scrubber->deny(qw[*]);
-$scrubber->allow( qw[A B U P BR I HR BR SMALL EM FONT SPAN DIV UL OL LI DL DT DD] );
+$scrubber->allow(
+ qw[A B U P BR I HR BR SMALL EM FONT SPAN DIV UL OL LI DL DT DD]);
$scrubber->comment(0);
-return($scrubber->scrub($Content));
+return ( $scrubber->scrub($Content) );
</%init>
<%args>
$Content => undef
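Review bot: The comment under the new `href` rule says it matches relative urls, but the `/` alternative in `qr{^(?:http:|ftp:|https:|/)}i` only admits values that begin with a slash. Document-relative links such as `page.html` or `#anchor` are therefore stripped, while protocol-relative `//host/path` values are kept. Absolute http links to any host are already allowed, so this does not widen what the scrubber lets through, but the comment should describe the pattern as written, e.g. `# Allow http:, https:, ftp: and values starting with "/" (root-relative, also //host); any other scheme is stripped`. If off-site `//host` links are not intended, `/(?!/)` in place of `/` would exclude them. The `<%args>` block appears to continue past the end of the visible hunk.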