commit a7e74fe9d9b23d3531ce12294dba2002d398306e
Author: Richard Mansfield <email address hidden>
Date: Wed Mar 28 11:40:18 2012 +1300
Fix overly permissive SafeIframeRegexp in htmlpurifier (bug #922360)
Dots in the list of safe iframe sources are not escaped before use in
the regular expression passed to htmlpurifier, but they should be
because of their special meaning inside patterns. This will prevent
people from registering domains like 'www-youtube.com' and
'playerxvimeo.com' and embedding iframes from those sites in their
pages.
Change-Id: I94ceedd77172cbb6650efad0ab7edfae92f5f7e8
Signed-off-by: Richard Mansfield <email address hidden>
Reviewed: https://reviews.mahara.org/1126
Committed: http://gitorious.org/mahara/mahara/commit/a7e74fe9d9b23d3531ce12294dba2002d398306e
Submitter: Francois Marier (<email address hidden>)
Branch: master
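The effect described in the commit message, as an added example that is not Mahara's code: a constructed allowlist is turned into a pattern once with its entries joined as-is and once with each entry passed through `preg_quote()`, and both patterns are tried against the lookalike domains the message names. The allowlist entries, path prefixes, test URLs and function names are assumptions.

```php
<?php
// Added example, not Mahara's code. The source list, URLs and function
// names are constructed for illustration.

// Constructed allowlist of iframe source prefixes (host + path prefix).
$safe_sources = array(
    'www.youtube.com/embed/',
    'player.vimeo.com/video/',
);

// "Before": prefixes are joined as-is, so every '.' is a regex wildcard.
function iframe_regexp_unescaped(array $sources) {
    return '%^https?://(' . implode('|', $sources) . ')%';
}

// "After": preg_quote() escapes regex metacharacters (and the '%' delimiter
// given as its second argument), so '.' matches only a literal dot.
function iframe_regexp_escaped(array $sources) {
    $quoted = array();
    foreach ($sources as $source) {
        $quoted[] = preg_quote($source, '%');
    }
    return '%^https?://(' . implode('|', $quoted) . ')%';
}

// Constructed test URLs: two legitimate ones and two on the lookalike
// domains named in the commit message.
$urls = array(
    'http://www.youtube.com/embed/VIDEO_ID',
    'http://player.vimeo.com/video/12345',
    'http://www-youtube.com/embed/VIDEO_ID',
    'http://playerxvimeo.com/video/12345',
);

$before = iframe_regexp_unescaped($safe_sources);
$after  = iframe_regexp_escaped($safe_sources);

// The lookalike hosts are allowed by the unescaped pattern and blocked by
// the escaped one; the legitimate hosts are allowed by both.
foreach ($urls as $url) {
    printf("%-40s before=%s after=%s\n", $url,
        preg_match($before, $url) ? 'allow' : 'block',
        preg_match($after, $url) ? 'allow' : 'block');
}
```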