Commit 374f6a48 authored by Matija Obreza's avatar Matija Obreza
Browse files

Allow youtube and vimeo videos in iframes (OWASP sanitizer rules)

parent 324f3541
......@@ -54,9 +54,17 @@ public class OWASPSanitizer implements HtmlSanitizer {
.matching(true, "center", "left", "right", "justify", "char")
.onElements("p", "table")
// Iframe attributes
.allowAttributes("width", "height", "frameborder", "webkitallowfullscreen", "mozallowfullscreen", "allowfullscreen")
// Iframe sources: vimeo and youtube
// Elements
.allowElements("table", "thead", "tbody", "tr", "td", "th", "tfoot", "a", "p", "div", "i", "b", "em", "blockquote", "tt", "strong", "br", "ul",
"ol", "li", "h1", "h2", "h3", "h4", "small", "pre", "code")
"ol", "li", "h1", "h2", "h3", "h4", "small", "pre", "code", "iframe")
// Get factory
......@@ -25,8 +25,8 @@ log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %t %5p %c{1}:%L - %m
### set log levels - for more verbose logging change 'info' to 'debug' ###
log4j.rootLogger=warn, stdout
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment