Commit 374f6a48 authored by Matija Obreza's avatar Matija Obreza

Allow youtube and vimeo videos in iframes (OWASP sanitizer rules)

parent 324f3541
...@@ -54,9 +54,17 @@ public class OWASPSanitizer implements HtmlSanitizer { ...@@ -54,9 +54,17 @@ public class OWASPSanitizer implements HtmlSanitizer {
.allowAttributes("align") .allowAttributes("align")
.matching(true, "center", "left", "right", "justify", "char") .matching(true, "center", "left", "right", "justify", "char")
.onElements("p", "table") .onElements("p", "table")
// Iframe attributes
.allowAttributes("width", "height", "frameborder", "webkitallowfullscreen", "mozallowfullscreen", "allowfullscreen")
.onElements("iframe")
// Iframe sources: vimeo and youtube
.allowAttributes("src")
.matching(Pattern.compile("^((https:)?//player\\.vimeo\\.com/|(https:)?//www\\.youtube\\.com/).+"))
.onElements("iframe")
// Elements // Elements
.allowElements("table", "thead", "tbody", "tr", "td", "th", "tfoot", "a", "p", "div", "i", "b", "em", "blockquote", "tt", "strong", "br", "ul", .allowElements("table", "thead", "tbody", "tr", "td", "th", "tfoot", "a", "p", "div", "i", "b", "em", "blockquote", "tt", "strong", "br", "ul",
"ol", "li", "h1", "h2", "h3", "h4", "small", "pre", "code") "ol", "li", "h1", "h2", "h3", "h4", "small", "pre", "code", "iframe")
// Get factory // Get factory
.toFactory(); .toFactory();
......
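Review bot: The `src` pattern on the new `.matching(Pattern.compile(...))` line accepts any path under `www.youtube.com` and `player.vimeo.com`, not just the player endpoints, so sanitized content can frame any page those hosts serve; if only embedded players are intended, anchor the path too, e.g. `Pattern.compile("^(https:)?//(player\\.vimeo\\.com/video/|www\\.youtube\\.com/embed/).+")`. The `width`, `height` and `frameborder` attributes are allowed on `iframe` with no value constraint, unlike `align` a few lines above, so consider `.matching(Pattern.compile("^\\d{1,4}$"))` (or a percentage variant) to let only numeric sizes through. A short comment on the `src` rule, `// Only the vimeo/youtube player hosts; scheme is optional so protocol-relative embeds inherit the page scheme`, would record why `https:` is optional. The builder chain this hunk extends starts and ends outside the hunk, and `java.util.regex.Pattern` needs to be imported if it is not already.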
...@@ -25,8 +25,8 @@ log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %t %5p %c{1}:%L - %m ...@@ -25,8 +25,8 @@ log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %t %5p %c{1}:%L - %m
### set log levels - for more verbose logging change 'info' to 'debug' ### ### set log levels - for more verbose logging change 'info' to 'debug' ###
log4j.rootLogger=warn, stdout log4j.rootLogger=warn, stdout
log4j.category.org.genesys2=info #log4j.category.org.genesys2=info
log4j.category.org.genesys2.server.servlet.controller=debug #log4j.category.org.genesys2.server.servlet.controller=debug
log4j.category.org.hibernate.cfg.Configuration=debug log4j.category.org.hibernate.cfg.Configuration=debug
#log4j.category.org.hibernate.search=debug #log4j.category.org.hibernate.search=debug
#log4j.category.org.apache.tomcat.jdbc.pool=debug #log4j.category.org.apache.tomcat.jdbc.pool=debug
......