mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-01 11:50:28 +02:00
Code Issues Releases Wiki Activity

feat: Add option for safe iframe hosts using array lookup (#423)

Browse Source 
Co-authored-by: Edward Z. Yang <ezyang@meta.com>
This commit is contained in:
Eli Barbosa
2024-11-09 19:02:09 -08:00
committed by GitHub
parent f16ace76cd
commit b5cbf0cc3d
7 changed files with 40 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tests/HTMLPurifier/HTMLT/safe-iframe-youtube-with-array-lookup.htmlt Normal file
View File

@@ -0,0 +1,8 @@
--INI--
HTML.SafeIframe = true
URI.SafeIframeHosts = www.youtube.com
--HTML--
<iframe title="YouTube video player" width="480" height="390" src="http://www.youtube.com/embed/RVtEQxH7PWA" frameborder="0" allowfullscreen></iframe>
--EXPECT--
<iframe title="YouTube video player" width="480" height="390" src="http://www.youtube.com/embed/RVtEQxH7PWA" frameborder="0"></iframe>
--# vim: et sw=4 sts=4

6
tests/HTMLPurifier/Injector/RemoveEmptyTest.php
View File

@@ -115,6 +115,12 @@ class HTMLPurifier_Injector_RemoveEmptyTest extends HTMLPurifier_InjectorHarness
$this->assertResult('<iframe src="http://google.com"></iframe>', '');
}
public function testRemoveDisallowedIframeDeniedByHostsList()
{
$this->config->set('HTML.SafeIframe', true);
$this->config->set('URI.SafeIframeHosts', ['www.youtube.com']);
$this->assertResult('<iframe src="http://maps.google.com"></iframe>', '');
}
}
// vim: et sw=4 sts=4