Allow data URI scheme inside the body of an item.

Signed-off-by: Rodrigo Aguilera <hi@rodrigoaguilera.net>
author: Rodrigo Aguilera <rodrigo.aguilera@amazee.com> 2020-07-12 19:03:18 +0200
committer: Benjamin Brahmer <info@b-brahmer.de> 2020-08-14 18:17:18 +0200
commit: 1619dd379d79482e58696eea6c4fea7a03f9e65f (patch)
tree: bace94bc1b3ab8ef727a8e8698ba4d25d9a2778b /lib
parent: 5af591a6bf767d7cd36fa261040269f7f3dcb5a8 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index faafa471c..ef60c538e 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -153,6 +153,20 @@ class Application extends App
                 'player.vimeo.com/video/|' .
                 'vk.com/video_ext.php)%'
             ); //allow YouTube and Vimeo
+
+            // Additionally to the defaults, allow the data URI scheme.
+            // See http://htmlpurifier.org/live/configdoc/plain.html#URI.AllowedSchemes
+            $config->set('URI.AllowedSchemes', [
+                'http' => true,
+                'https' => true,
+                'data' => true,
+                'mailto' => true,
+                'ftp' => true,
+                'nntp' => true,
+                'news' => true,
+                'tel' => true,
+            ]);
+
             $def = $config->getHTMLDefinition(true);
             $def->addAttribute('iframe', 'allowfullscreen', 'Bool');
             return new HTMLPurifier($config);
author	Rodrigo Aguilera <rodrigo.aguilera@amazee.com>	2020-07-12 19:03:18 +0200
committer	Benjamin Brahmer <info@b-brahmer.de>	2020-08-14 18:17:18 +0200
commit	1619dd379d79482e58696eea6c4fea7a03f9e65f (patch)
tree	bace94bc1b3ab8ef727a8e8698ba4d25d9a2778b /lib
parent	5af591a6bf767d7cd36fa261040269f7f3dcb5a8 (diff)