diff options
author | Rodrigo Aguilera <rodrigo.aguilera@amazee.com> | 2020-07-12 19:03:18 +0200 |
---|---|---|
committer | Benjamin Brahmer <info@b-brahmer.de> | 2020-08-14 18:17:18 +0200 |
commit | 1619dd379d79482e58696eea6c4fea7a03f9e65f (patch) | |
tree | bace94bc1b3ab8ef727a8e8698ba4d25d9a2778b /lib | |
parent | 5af591a6bf767d7cd36fa261040269f7f3dcb5a8 (diff) |
Allow data URI scheme inside the body of an item.
Signed-off-by: Rodrigo Aguilera <hi@rodrigoaguilera.net>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/AppInfo/Application.php | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php index faafa471c..ef60c538e 100644 --- a/lib/AppInfo/Application.php +++ b/lib/AppInfo/Application.php @@ -153,6 +153,20 @@ class Application extends App 'player.vimeo.com/video/|' . 'vk.com/video_ext.php)%' ); //allow YouTube and Vimeo + + // Additionally to the defaults, allow the data URI scheme. + // See http://htmlpurifier.org/live/configdoc/plain.html#URI.AllowedSchemes + $config->set('URI.AllowedSchemes', [ + 'http' => true, + 'https' => true, + 'data' => true, + 'mailto' => true, + 'ftp' => true, + 'nntp' => true, + 'news' => true, + 'tel' => true, + ]); + $def = $config->getHTMLDefinition(true); $def->addAttribute('iframe', 'allowfullscreen', 'Bool'); return new HTMLPurifier($config); |