search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: d1ec84f) | patch
Iframe Whitelisting by URI instead of hostname.
commitbddd1e033bb8a93b832ef0d540d7bdd6a0f8c2d8
authorBradley M. Froehle <brad.froehle@gmail.com>
Wed, 23 Mar 2011 01:13:21 +0000 (22 18:13 -0700)
committerBradley M. Froehle <brad.froehle@gmail.com>
Wed, 23 Mar 2011 01:17:02 +0000 (22 18:17 -0700)
tree8e08b1cc852656b5acfaee19f52ac3b206aeb65btree | snapshot (tar.gz zip)
parentd1ec84f287bd623ebb05167d8a310a9925fa8842commit | diff
Iframe Whitelisting by URI instead of hostname.

Replace %URI.IframeHostWhitelist with %URI.IframeWhitelistRegexp
which is an array of PCRE regular expressions. If any match the
iframe src URI, the iframe will be allowed.

As before, %HTML.SafeIframe must also be enabled.

Signed-off-by: Bradley M. Froehle <brad.froehle@gmail.com>
14 files changed:
NEWS diff | blob | blame | history
configdoc/usage.xml diff | blob | blame | history
docs/dev-config-naming.txt diff | blob | blame | history
library/HTMLPurifier.includes.php diff | blob | blame | history
library/HTMLPurifier.safe-includes.php diff | blob | blame | history
library/HTMLPurifier/ConfigSchema/schema.ser diff | blob | blame | history
library/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt diff | blob | blame | history
library/HTMLPurifier/ConfigSchema/schema/URI.IframeHostWhitelist.txt diff | blob | blame | history
library/HTMLPurifier/URIDefinition.php diff | blob | blame | history
library/HTMLPurifier/URIFilter/IframeHostWhitelist.php [deleted file] blob | blame | history
library/HTMLPurifier/URIFilter/IframeWhitelistRegexp.php [new file with mode: 0644] blob
tests/HTMLPurifier/HTMLT/safe-iframe-googlemaps.htmlt diff | blob | blame | history
tests/HTMLPurifier/HTMLT/safe-iframe-youtube.htmlt diff | blob | blame | history
tests/HTMLPurifier/HTMLT/safe-iframe.htmlt diff | blob | blame | history
HTMLPurifier with iframe extension