Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-25 10:30:12 +00:00
Code Issues Projects Releases Packages Wiki Activity

Remove support for [iframe] BBCode

Browse source 
- It was a huge gaping security hole, and now HTML Purify will remove the src attribute of all non-allowed sources anyway.
This commit is contained in:
Hypolite Petovan 2020-12-18 01:16:35 -05:00
parent 13c7224789
commit ec0c9dcdb1
4 changed files with 5 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/Content/Text/BBCode.php
View file

@ -1622,11 +1622,8 @@ class BBCode
'<a href="$1" target="_blank" rel="noopener noreferrer">$1</a>', $text);
}
if ($try_oembed) {
$text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '<iframe src="$1" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="$1">$1</a></iframe>', $text);
} else {
$text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '<a href="$1">$1</a>', $text);
}
// Backward compatibility, [iframe] support has been removed in version 2020.12
$text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '<a href="$1">$1</a>', $text);
// Youtube extensions
if ($try_oembed) {