diff options
| author | Bernhard Posselt <nukeawhale@gmail.com> | 2013-05-04 00:28:04 +0200 |
|---|---|---|
| committer | Bernhard Posselt <nukeawhale@gmail.com> | 2013-05-04 00:28:04 +0200 |
| commit | 69ad54e49cfa6da5636b3666fa9dc06200aed053 (patch) | |
| tree | 1e2f313b3b8784d5ef9f8bf219088250c4c30502 | |
| parent | 8ab961ae6f461f936c14a8181e7a2da8eed5897d (diff) | |
embed vimeo and youtube videos fix #148
| -rw-r--r-- | CHANGELOG | 5 | ||||
| -rw-r--r-- | dependencyinjection/dicontainer.php | 3 |
2 files changed, 8 insertions, 0 deletions
@@ -1,3 +1,8 @@ +ownCloud-news (0.97) + +* Fix XSS vulnerability in sanitation +* Properly show embedded vimeo and youtube videos + ownCloud-news (0.96) * Always open links in new tabs diff --git a/dependencyinjection/dicontainer.php b/dependencyinjection/dicontainer.php index b1f8855ca..71a0779bd 100644 --- a/dependencyinjection/dicontainer.php +++ b/dependencyinjection/dicontainer.php @@ -94,6 +94,9 @@ class DIContainer extends BaseContainer { $config = \HTMLPurifier_Config::createDefault(); $config->set('Cache.SerializerPath', $directory); + $config->set('HTML.SafeIframe', true); + $config->set('URI.SafeIframeRegexp', + '%^http://(www.youtube(?:-nocookie)?.com/embed/|player.vimeo.com/video/)%'); //allow YouTube and Vimeo return new \HTMLPurifier($config); }); |