Commit 374f6a48 authored by Matija Obreza's avatar Matija Obreza

Allow youtube and vimeo videos in iframes (OWASP sanitizer rules)

parent 324f3541
......@@ -54,9 +54,17 @@ public class OWASPSanitizer implements HtmlSanitizer {
.allowAttributes("align")
.matching(true, "center", "left", "right", "justify", "char")
.onElements("p", "table")
// Iframe attributes
.allowAttributes("width", "height", "frameborder", "webkitallowfullscreen", "mozallowfullscreen", "allowfullscreen")
.onElements("iframe")
// Iframe sources: vimeo and youtube
.allowAttributes("src")
.matching(Pattern.compile("^((https:)?//player\\.vimeo\\.com/|(https:)?//www\\.youtube\\.com/).+"))
.onElements("iframe")
// Elements
.allowElements("table", "thead", "tbody", "tr", "td", "th", "tfoot", "a", "p", "div", "i", "b", "em", "blockquote", "tt", "strong", "br", "ul",
"ol", "li", "h1", "h2", "h3", "h4", "small", "pre", "code")
"ol", "li", "h1", "h2", "h3", "h4", "small", "pre", "code", "iframe")
// Get factory
.toFactory();
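Review bot: The iframe `src` pattern on the `Pattern.compile(...)` line accepts any path under the two hosts rather than only the embed endpoints the commit is meant to allow, so any page served from www.youtube.com or player.vimeo.com can be framed into sanitized content. Restricting it to the embed paths keeps the allow-list to what is actually needed: `.matching(Pattern.compile("^(https:)?//(player\\.vimeo\\.com/video/|www\\.youtube\\.com/embed/).+"))`. The protocol-relative form (`//host/...`) is also still accepted by the optional `(https:)?`, which lets the embed load over plain http when the hosting page is http; dropping the `?` closes that if http-only embeds are not required. The builder chain these lines belong to starts before the hunk, so the policy's other attribute rules (for example on `a` and `href`) are not visible here and this note only covers the iframe rules.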
......
......@@ -25,8 +25,8 @@ log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %t %5p %c{1}:%L - %m
### set log levels - for more verbose logging change 'info' to 'debug' ###
log4j.rootLogger=warn, stdout
log4j.category.org.genesys2=info
log4j.category.org.genesys2.server.servlet.controller=debug
#log4j.category.org.genesys2=info
#log4j.category.org.genesys2.server.servlet.controller=debug
log4j.category.org.hibernate.cfg.Configuration=debug
#log4j.category.org.hibernate.search=debug
#log4j.category.org.apache.tomcat.jdbc.pool=debug
......