Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2024-11-14 05:02:54 +00:00
Code Issues Projects Releases Packages Wiki Activity

Allow support for allowlisted iframe sources in Content\text\BBCode::convert

Browse source 
- Support Youtube, Vimeo and unused local embeds
This commit is contained in:
Hypolite Petovan 2020-12-18 01:17:49 -05:00
parent ec0c9dcdb1
commit 0781f28ca6
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/Content/Text/BBCode.php
View file

@ -1876,6 +1876,14 @@ class BBCode
$config = \HTMLPurifier_HTML5Config::createDefault(); $config = \HTMLPurifier_HTML5Config::createDefault();
$config->set('HTML.Doctype', 'HTML5'); $config->set('HTML.Doctype', 'HTML5');
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(?:
https://www.youtube.com/embed/
|
https://player.vimeo.com/video/
|
' . DI::baseUrl() . '/oembed/ # Has to change with the source in Content\Oembed::iframe
)%xi');
$config->set('Attr.AllowedRel', [ $config->set('Attr.AllowedRel', [
'noreferrer' => true, 'noreferrer' => true,
'noopener' => true, 'noopener' => true,