qw(OK FORBIDDEN NOT_FOUND HTTP_INTERNAL_SERVER_ERROR HTTP_BAD_REQUEST);
use Apache2::RequestRec;
use CGI;
+use HTML::Restrict;
use OpenSRF::Utils::JSON;
use OpenSRF::System;
use OpenSRF::Utils::SettingsClient;
return Apache2::Const::OK;
}
+# Remove all but the following elements and attributes from text/html
+# compiled content.
+my $rules = {
+ b => [qw(class style)],
+ caption => [qw(class style)],
+ center => [qw(class style)],
+ div => [qw(class style)],
+ em => [qw(class style)],
+ i => [qw(class style)],
+ img => [qw(class style src)],
+ li => [qw(class style)],
+ ol => [qw(class style)],
+ p => [qw(class style)],
+ span => [qw(class style)],
+ strong => [qw(class style)],
+ style => [],
+ sub => [qw(class style)],
+ sup => [qw(class style)],
+ table => [qw(class style)],
+ tbody => [qw(class style)],
+ td => [qw(class style)],
+ th => [qw(class style)],
+ thead => [qw(class style)],
+ tr => [qw(class style)],
+ u => [qw(class style)],
+ ul => [qw(class style)],
+};
+my $hr = HTML::Restrict->new(rules => $rules);
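Review bot: The `style` attribute on every element and the bare `style` element at L25 survive the scrub, so a template author can still ship arbitrary CSS — HTML::Restrict removes disallowed tags but keeps their text, and an allowed `<style>` passes its sheet through verbatim — which is enough for full-page overlays, `url()` beacons that leak the viewer's IP and referrer, and legacy-IE `expression()`. If inline styling is genuinely needed, drop `style => []` and constrain the attribute value instead; recent HTML::Restrict versions let a rule list carry a `{ style => qr{^(?:color|font-weight|text-align):\s*[\w#]+;?$} }` entry (verify against the installed version), otherwise remove `style` from the `qw(class style)` lists. `img => [qw(class style src)]` relies on HTML::Restrict's default `uri_schemes` (http, https and relative, as I recall) to reject `javascript:`/`data:` sources, so pin it explicitly with `uri_schemes => [undef, 'http', 'https']` in the constructor so nothing elsewhere can widen it, and note that external images remain a tracking vector. A comment above `$rules` saying that `class` intentionally lets template output reuse the application's own stylesheet classes would make the trust boundary explicit.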
sub handler {
my $r = shift;
my $stat = $tt->process(\$tmpl, {template_data => $data}, \$output);
if ($stat) { # OK
-
- $r->content_type($template->content_type . '; encoding=utf8');
+ my $ctype = $template->content_type;
+ if ($ctype eq 'text/html') {
+ # Scrub the HTML
+ $output = $hr->process($output);
+ }
+ $r->content_type("$ctype; encoding=utf8");
$r->print($output);
return Apache2::Const::OK;
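Review bot: The header at L49 still sends `encoding=utf8`, which is not a MIME parameter any client recognises; without `charset=utf-8` the browser sniffs the encoding, and encoding confusion is a well-known way for scrubbed markup to be reinterpreted. The gate at L45 is also an exact string match, so a template whose content_type carries a parameter (`text/html; charset=...`) or is `application/xhtml+xml` skips the filter entirely; `if ($ctype =~ m{^(?:text/html|application/xhtml\+xml)\b}i)` would close that, and `$r->content_type("$ctype; charset=utf-8")` would fix the charset (strip any existing `charset` parameter from `$ctype` first if templates can set one). The surrounding `if ($stat)` branch and handler's body continue outside the hunk.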