mahara-contributors team mailing list archive

[Bug 922360] A change has been merged

 

Reviewed:  https://reviews.mahara.org/1126
Committed: http://gitorious.org/mahara/mahara/commit/a7e74fe9d9b23d3531ce12294dba2002d398306e
Submitter: Francois Marier (francois@xxxxxxxxxxxxxxx)
Branch:    master

commit a7e74fe9d9b23d3531ce12294dba2002d398306e
Author: Richard Mansfield <richard.mansfield@xxxxxxxxxxxxxxx>
Date:   Wed Mar 28 11:40:18 2012 +1300

    Fix overly permissive SafeIframeRegexp in htmlpurifier (bug #922360)
    
    Dots in the list of safe iframe sources are not escaped before use in
    the regular expression passed to htmlpurifier, but they should be
    because of their special meaning inside patterns.  This will prevent
    people from registering domains like 'www-youtube.com' and
    'playerxvimeo.com' and embedding iframes from those sites in their
    pages.
    
    Change-Id: I94ceedd77172cbb6650efad0ab7edfae92f5f7e8
    Signed-off-by: Richard Mansfield <richard.mansfield@xxxxxxxxxxxxxxx>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/922360

Title:
  Use SafeIFrame feature of HTML Purifier

Status in Mahara ePortfolio:
  Fix Committed

Bug description:
  We should look at replacing the iframe filters we have in
  htdocs/lib/htmlpurifiercustom/ with the new SafeIFrame feature that
  HTML Purifier 4.4.0 has:

    http://htmlpurifier.org/live/configdoc/plain.html#HTML.SafeIframe
    http://htmlpurifier.org/live/configdoc/plain.html#URI.SafeIframeRegexp

  (This of course depends on bug #921314.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/922360/+subscriptions
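
The escaping problem the commit message describes, shown as an added example that is not part of the original message or Mahara's own code. The function names, the source list, the candidate URLs, the `%` delimiter and the `https?://` prefix are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers and constructed data, not Mahara's code.

/** Unescaped build: every '.' in a source acts as a regex wildcard. */
function build_iframe_regexp_unescaped(array $sources): string {
    return '%^https?://(' . implode('|', $sources) . ')%';
}

/** Escaped build: preg_quote() turns each metacharacter into a literal. */
function build_iframe_regexp_escaped(array $sources): string {
    $quoted = array_map(function ($s) {
        // The second argument also escapes the pattern delimiter we chose.
        return preg_quote($s, '%');
    }, $sources);
    return '%^https?://(' . implode('|', $quoted) . ')%';
}

// Constructed list of safe iframe sources (host plus path prefix).
$sources = ['www.youtube.com/embed/', 'player.vimeo.com/video/'];

// Constructed iframe src values: two legitimate ones, then the two
// lookalike domains named in the commit message.
$candidates = [
    'http://www.youtube.com/embed/VIDEO_ID',
    'http://player.vimeo.com/video/12345',
    'http://www-youtube.com/embed/VIDEO_ID',
    'http://playerxvimeo.com/video/12345',
];

$loose  = build_iframe_regexp_unescaped($sources);
$strict = build_iframe_regexp_escaped($sources);

echo "unescaped pattern: $loose\n";
echo "escaped pattern:   $strict\n\n";

foreach ($candidates as $url) {
    printf(
        "%-40s unescaped=%-5s escaped=%s\n",
        $url,
        preg_match($loose, $url) === 1 ? 'allow' : 'deny',
        preg_match($strict, $url) === 1 ? 'allow' : 'deny'
    );
}
```

The escaped string is the kind of value the `URI.SafeIframeRegexp` directive linked in the bug description expects.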

