Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-19 11:10:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Remove support for [iframe] BBCode

Browse source 
- It was a huge gaping security hole, and now HTML Purify will remove the src attribute of all non-allowed sources anyway.
This commit is contained in:
Hypolite Petovan 2020-12-18 01:16:35 -05:00
parent 13c7224789
commit ec0c9dcdb1
4 changed files with 5 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/Content/Text/HTML.php
View file

@ -290,7 +290,8 @@ class HTML
self::tagToBBCode($doc, 'video', ['src' => '/(.+)/'], '[video]$1', '[/video]', true);
self::tagToBBCode($doc, 'audio', ['src' => '/(.+)/'], '[audio]$1', '[/audio]', true);
self::tagToBBCode($doc, 'iframe', ['src' => '/(.+)/'], '[iframe]$1', '[/iframe]', true);
// Backward compatibility, [iframe] support has been removed in version 2020.12
self::tagToBBCode($doc, 'iframe', ['src' => '/(.+)/'], '[url]$1', '[/url]', true);
self::tagToBBCode($doc, 'key', [], '[code]', '[/code]');
self::tagToBBCode($doc, 'code', [], '[code]', '[/code]');
@ -630,6 +631,7 @@ class HTML
self::tagToBBCode($doc, 'img', ['src' => '/(.+)/'], ' ', ' ');
}
// Backward compatibility, [iframe] support has been removed in version 2020.12
self::tagToBBCode($doc, 'iframe', ['src' => '/(.+)/'], ' $1 ', '');
$message = $doc->saveHTML();