1 # ===================================================================== 2 # cmtFilter.awk: content filtering function for page comments. 3 # 4 # Copyright (c) 2007-2011 Carlo Strozzi 5 # 6 # This program is free software; you can redistribute it and/or modify 7 # it under the terms of the GNU General Public License as published by 8 # the Free Software Foundation; version 2 dated June, 1991. 9 # 10 # This program is distributed in the hope that it will be useful, 11 # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 # GNU General Public License for more details. 14 # 15 # You should have received a copy of the GNU General Public License 16 # along with this program; if not, write to the Free Software 17 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 18 # 19 # ===================================================================== 20 21 # ===================================================================== 22 # string cmtFilter(string content) 23 # ===================================================================== 24 25 function cmtFilter(content, value,max) { 26 27 # No hard-coded formatting is accepted, so I "crush" \n and \t 28 # by turning them into spaces. 29 30 gsub(/[\n\t]+/," ",content) 31 32 value = _strip(content,_O_MIDDLE) 33 34 # Set default maximum comment body length. 35 if (!(max=ENVIRON["TNS_CMT_MAXLEN"]/1)) max = 2048 36 37 if (length(value) > max) return "-" 38 39 # Apply filtering for allowed [X]HTML markup. Only a minimal, 40 # case-sensitive subset of elements is accepted in the comment body. 41 # For an element to be accepted it must be written exactly as shown 42 # and it must not have attributes. It is up to the user to write 43 # well-formed XML text, or tidy(1) (if used) will complain. 44 45 gsub(//,"\001em>",value) 46 gsub(/<\/em>/,"\001/em>",value) 47 gsub(//,"\001strong>",value) 48 gsub(/<\/strong>/,"\001/strong>",value) 49 50 # Empty elements should be well-formed XML in any case, because 51 # the text entered by the user will have to undergo a pass through 52 # tidy(1) even if we are abiding by a non-XHTML syntax. If this is 53 # not done, then the risk of having users break the overall site 54 # layout by entering malformed HTML tags is too high. 55 56 gsub(/
/,"\001hr/>",value) 57 gsub(/
/,"\001br/>",value) 58 59 gsub(/