Mahara

  1. Bug #922360
  2. Comment #3

Comment 3 for bug 922360

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/1125
Committed: http://gitorious.org/mahara/mahara/commit/8947151000b6cd11c66656884541b7b766cf707d
Submitter: Francois Marier (<email address hidden>)
Branch: 1.5_STABLE

commit 8947151000b6cd11c66656884541b7b766cf707d
Author: Richard Mansfield <email address hidden>
Date: Wed Mar 28 11:40:18 2012 +1300

    Fix overly permissive SafeIframeRegexp in htmlpurifier (bug #922360)

    Dots in the list of safe iframe sources are not escaped before use in
    the regular expression passed to htmlpurifier, but they should be
    because of their special meaning inside patterns. This will prevent
    people from registering domains like 'www-youtube.com' and
    'playerxvimeo.com' and embedding iframes from those sites in their
    pages.

    Change-Id: I94ceedd77172cbb6650efad0ab7edfae92f5f7e8
    Signed-off-by: Richard Mansfield <email address hidden>