-rw-r--r-- | CHANGELOG | 5 | ||||
-rw-r--r-- | dependencyinjection/dicontainer.php | 3 |
2 files changed, 8 insertions, 0 deletions
@@ -1,3 +1,8 @@
+ownCloud-news (0.97)
+
+* Fix XSS vulnerability in sanitation
+* Properly show embedded vimeo and youtube videos
+
 ownCloud-news (0.96)
 * Always open links in new tabs
diff --git a/dependencyinjection/dicontainer.php b/dependencyinjection/dicontainer.php
index b1f8855ca..71a0779bd 100644
--- a/dependencyinjection/dicontainer.php
+++ b/dependencyinjection/dicontainer.php
@@ -94,6 +94,9 @@ class DIContainer extends BaseContainer {
 $config = \HTMLPurifier_Config::createDefault();
 $config->set('Cache.SerializerPath', $directory);
+ $config->set('HTML.SafeIframe', true);
+ $config->set('URI.SafeIframeRegexp',
+ '%^http://(www.youtube(?:-nocookie)?.com/embed/|player.vimeo.com/video/)%'); //allow YouTube and Vimeo
 return new \HTMLPurifier($config);
 }); |
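Review bot: The dots in the new `URI.SafeIframeRegexp` pattern are unescaped, so `www.youtube.com` and `player.vimeo.com` accept any character in those positions and a look-alike host that differs only there would pass the iframe allowlist. The pattern also admits only `http://`, so HTTPS embed URLs are filtered out and the ones that do pass load as mixed content when the instance is served over HTTPS. I would write it as `'%^https?://(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'`. The trailing comment could say more than `//allow YouTube and Vimeo`, for example `// iframe src allowlist: YouTube/Vimeo embed paths only; keep host dots escaped and the pattern anchored`. The closure this sits in starts above the hunk, so how `$directory` is chosen is not visible here.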