mahara-contributors team mailing list archive

[Bug 1992702] Re: iframe htmlpurifier style attribute

 

Using the class option wouldn't be great because we can't expect that
learners add a class in HTML. Therefore, using 'style' would be better.
Maybe we'd need to restrict what the style element could be so as not to
allow others that are not secure. The related report bug 1843154 may
give some idea of how other attributes were limited.

** Summary changed:

- iframe htmlpurifier style attribute
+ Allow a certain style attribute in HTMLPurifier for Canva iframe

** Changed in: mahara
       Status: New => Confirmed

** Changed in: mahara
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1992702

Title:
  Allow a certain style attribute in HTMLPurifier for Canva iframe

Status in Mahara:
  Confirmed

Bug description:
  We have embed code generated by Canva.
  However, HTMLPurifier removes the 'style' attribute on the iframe, and hence the embed content is not displayed properly.

  I am looking to add 'style' as an allowed attribute for iframe, but it may have some security implications; refer to https://bugs.launchpad.net/mahara/+bug/1843154

  There is another option, that is, using 'class', but it will require the user to change the embed code.


  Example embed code
  <div style="position: relative; width: 100%; height: 0; padding-top: 56.2500%;
   padding-bottom: 0; box-shadow: 0 2px 8px 0 rgba(63,69,81,0.16); margin-top: 1.6em; margin-bottom: 0.9em; overflow: hidden;
   border-radius: 8px; will-change: transform;">
    <iframe loading="lazy" style="position: absolute; width: 100%; height: 100%; top: 0; left: 0; border: none; padding: 0;margin: 0;"
      src="https://sourceurl" allowfullscreen="allowfullscreen" allow="fullscreen">
    </iframe>
  </div>

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1992702/+subscriptions
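
One way to restrict an iframe 'style' value to the declarations the Canva embed code above uses, as an added example (not Mahara's or HTMLPurifier's own code). The function name filter_iframe_style, the allowlist contents and the value patterns are assumptions derived from the quoted embed code.

```php
<?php
// Added example: allowlist filter for the value of an iframe "style" attribute.
// Properties and patterns are assumptions taken from the Canva embed code in
// this bug report; they are not Mahara's actual rule set.
const IFRAME_STYLE_ALLOWLIST = [
    'position' => '/^(absolute|relative|static)$/D',
    'width'    => '/^(0|\d{1,3}(\.\d{1,4})?%|\d{1,4}px)$/D',
    'height'   => '/^(0|\d{1,3}(\.\d{1,4})?%|\d{1,4}px)$/D',
    'top'      => '/^(0|\d{1,4}px)$/D',
    'left'     => '/^(0|\d{1,4}px)$/D',
    'border'   => '/^(none|0)$/D',
    'padding'  => '/^(0|\d{1,3}px)$/D',
    'margin'   => '/^(0|\d{1,3}px)$/D',
];

// Returns a rebuilt style string containing only allowlisted declarations.
// Anything unknown or malformed is dropped, so the filter fails closed.
function filter_iframe_style(string $style): string
{
    $kept = [];
    foreach (explode(';', $style) as $declaration) {
        $parts = explode(':', $declaration, 2);
        if (count($parts) !== 2) {
            continue; // empty piece or no "property: value" shape
        }
        $property = strtolower(trim($parts[0]));
        $value    = strtolower(trim($parts[1]));
        $pattern  = IFRAME_STYLE_ALLOWLIST[$property] ?? null;
        if ($pattern === null || preg_match($pattern, $value) !== 1) {
            continue; // property not allowed, or value outside the closed set
        }
        $kept[$property] = $value; // the last valid declaration wins
    }
    $out = [];
    foreach ($kept as $property => $value) {
        $out[] = "$property: $value";
    }
    return implode('; ', $out);
}

// The iframe style from the embed code in this bug report.
$canva = 'position: absolute; width: 100%; height: 100%; top: 0; left: 0; '
       . 'border: none; padding: 0;margin: 0;';
// Constructed sample with declarations outside the allowlist.
$other = 'width: 100%; background: url(x); position: fixed; behavior: url(y)';

echo filter_iframe_style($canva), PHP_EOL;
echo filter_iframe_style($other), PHP_EOL;
```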


