Mahara

  1. Bug #922360
  2. Comment #2

Comment 2 for bug 922360

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/1126
Committed: http://gitorious.org/mahara/mahara/commit/a7e74fe9d9b23d3531ce12294dba2002d398306e
Submitter: Francois Marier (<email address hidden>)
Branch: master

commit a7e74fe9d9b23d3531ce12294dba2002d398306e
Author: Richard Mansfield <email address hidden>
Date: Wed Mar 28 11:40:18 2012 +1300

    Fix overly permissive SafeIframeRegexp in htmlpurifier (bug #922360)

    Dots in the list of safe iframe sources are not escaped before use in
    the regular expression passed to htmlpurifier, but they should be
    because of their special meaning inside patterns. This will prevent
    people from registering domains like 'www-youtube.com' and
    'playerxvimeo.com' and embedding iframes from those sites in their
    pages.

    Change-Id: I94ceedd77172cbb6650efad0ab7edfae92f5f7e8
    Signed-off-by: Richard Mansfield <email address hidden>