hi samizdat-devel,

The following type of external image URL is *not* removed by our present version of sanitise + xhtml.html, and it *is* interpreted by many standard browsers as an external, http:// URL:

<img src="//www.debian.org/logos/openlogo-nd-50.png" />

The following patch works - it requires one of the first two letters of the expression to be something which is not "/" - in other words, "/content/..." or "content/..." is accepted but "//www..." is removed.

This came from a mir discussion, but on the non-public list, so i thought it better not to forward the source of the discussion.

Does this sound reasonable?

cheers
boud

--- data/samizdat/xhtml.yaml 2006-12-04
17:31:30.000000000 +0100
+++ /usr/share/samizdat/xhtml.yaml 2007-02-08
22:54:10.828717856 +0100
 -90,8
+90,8 
hr:
html:
i:
img:
- src: &path !ruby/regexp /A[^:]+z/i
+ src: &path !ruby/regexp /A([^/].|.[^/])[^:]+z/i
alt: *cdata
longdesc: *path
width: *length
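
Review bot: In the new `src` pattern the `.` in `([^/].|.[^/])` accepts any character in the first two positions, including `:`, which the old `[^:]+` rejected at every position, so a value with a colon as its first or second character now validates. The two-character group followed by `[^:]+` also raises the minimum length to three, so a one- or two-character relative path that the old pattern accepted is now rejected. Consider keeping `[^:]+` for the whole value and rejecting only a leading `//`, for example with a negative lookahead in front of it. Because `&path` is an anchor and `longdesc: *path` reuses it, the change applies to every attribute that references `*path`, which is worth stating in the commit message. The anchors read `A` and `z` here without backslashes; if that is not an archive artifact they need to be `\A` and `\z`.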
_______________________________________________
samizdat-devel mailing list
samizdat-devel nongnu.org
http://lists.nongnu.org/mailman/listinfo/samizdat-devel
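
A check of the patterns discussed in the message above, as an added example that is not part of the original post or of Samizdat's own code. It assumes the anchors in the archived patch were `\A` and `\z` (the backslashes are not visible in the archive); `STRICT_PATH` and the sample values are constructed here for comparison.

```ruby
# Patterns for the img src attribute. The anchors \A and \z are an assumption:
# the archived patch shows "A" and "z" with no backslashes.
OLD_PATH     = /\A[^:]+\z/i                   # before the patch
PATCHED_PATH = /\A([^\/].|.[^\/])[^:]+\z/i    # after the patch
# Hypothetical stricter variant (not from the patch): reject a leading "//"
# with a lookahead and keep the no-colon rule for every character.
STRICT_PATH  = /\A(?!\/\/)[^:]+\z/i

# Constructed sample values, apart from the first, which is the URL in the post.
SAMPLES = [
  '//www.debian.org/logos/openlogo-nd-50.png', # network-path reference
  '/content/1.png',                            # absolute path on the same site
  'content/1.png',                             # relative path
  'http://www.example.org/a.png',              # explicit scheme
  'a:b.png',                                   # colon in the first two characters
  'ab'                                         # two-character relative path
].freeze

# Returns a hash of sample => [old, patched, strict] booleans, where each
# boolean says whether the sanitiser pattern would accept the value.
def classify(samples)
  samples.to_h do |src|
    [src, [OLD_PATH, PATCHED_PATH, STRICT_PATH].map { |re| re.match?(src) }]
  end
end

if __FILE__ == $PROGRAM_NAME
  classify(SAMPLES).each do |src, (old, patched, strict)|
    puts format('%-45s old=%-5s patched=%-5s strict=%-5s', src, old, patched, strict)
  end
end
```

The last two samples show where the patched pattern differs from the old one beyond the `//` case: it accepts a colon in the first two positions and rejects paths shorter than three characters.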