mahara-contributors team mailing list archive
Message #08546
[Bug 922360] A change has been merged
Reviewed: https://reviews.mahara.org/1125
Committed: http://gitorious.org/mahara/mahara/commit/8947151000b6cd11c66656884541b7b766cf707d
Submitter: Francois Marier (francois@xxxxxxxxxxxxxxx)
Branch: 1.5_STABLE
commit 8947151000b6cd11c66656884541b7b766cf707d
Author: Richard Mansfield <richard.mansfield@xxxxxxxxxxxxxxx>
Date: Wed Mar 28 11:40:18 2012 +1300

Fix overly permissive SafeIframeRegexp in htmlpurifier (bug #922360)

Dots in the list of safe iframe sources are not escaped before use in
the regular expression passed to htmlpurifier, but they should be
because of their special meaning inside patterns. This will prevent
people from registering domains like 'www-youtube.com' and
'playerxvimeo.com' and embedding iframes from those sites in their
pages.

Change-Id: I94ceedd77172cbb6650efad0ab7edfae92f5f7e8
Signed-off-by: Richard Mansfield <richard.mansfield@xxxxxxxxxxxxxxx>
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/922360
Title:
  Use SafeIFrame feature of HTML Purifier

Status in Mahara ePortfolio:
  Fix Committed

Bug description:
  We should look at replacing the iframe filters we have in
  htdocs/lib/htmlpurifiercustom/ with the new SafeIFrame feature that
  HTML Purifier 4.4.0 has:

  http://htmlpurifier.org/live/configdoc/plain.html#HTML.SafeIframe
  http://htmlpurifier.org/live/configdoc/plain.html#URI.SafeIframeRegexp

  (This of course depends on bug #921314.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/922360/+subscriptions
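
The effect described in the commit message above, as an added example (not Mahara's code and not the committed patch): an allow-list regexp built from unescaped source strings next to one built with preg_quote(). The helper names, the source list and the sample URLs are constructed for illustration; the two lookalike hosts are the ones the commit message names.

```php
<?php
// Added illustration. Helper names are hypothetical; source list and URLs are constructed.

/** Build an anchored allow-list pattern WITHOUT escaping the sources (the defect). */
function build_iframe_regexp_unescaped(array $sources): string {
    return '%^https?://(' . implode('|', $sources) . ')%';
}

/** Same pattern, with every source passed through preg_quote() first (the fix). */
function build_iframe_regexp_escaped(array $sources): string {
    $quoted = array_map(function ($s) {
        // Second argument also escapes the pattern delimiter, should it occur in a source.
        return preg_quote($s, '%');
    }, $sources);
    return '%^https?://(' . implode('|', $quoted) . ')%';
}

$sources = ['www.youtube.com/embed/', 'player.vimeo.com/video/'];

// url => whether an allow-list for the two hosts above should accept it
$candidates = [
    'http://www.youtube.com/embed/abc123' => true,
    'http://player.vimeo.com/video/12345' => true,
    'http://www-youtube.com/embed/abc123' => false, // '.' in the pattern matched '-'
    'http://playerxvimeo.com/video/12345' => false, // '.' in the pattern matched 'x'
];

$loose  = build_iframe_regexp_unescaped($sources);
$strict = build_iframe_regexp_escaped($sources);

foreach ($candidates as $url => $expected) {
    $looseHit  = preg_match($loose, $url) === 1;
    $strictHit = preg_match($strict, $url) === 1;
    printf("%-38s unescaped=%-5s escaped=%-5s\n", $url,
        $looseHit ? 'allow' : 'block', $strictHit ? 'allow' : 'block');

    // Regression check: the escaped pattern must agree with the intended allow-list.
    if ($strictHit !== $expected) {
        throw new RuntimeException("escaped pattern misclassified $url");
    }
}
```

A check of this shape, run over the configured source list, makes a good regression test for any allow-list that is assembled into a regular expression from plain host strings.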