Commit b2906aba authored by Matija Obreza's avatar Matija Obreza

Allow youtube and vimeo videos in iframes (OWASP sanitizer rules)

parent edb4cacf
......@@ -54,9 +54,17 @@ public class OWASPSanitizer implements HtmlSanitizer {
.allowAttributes("align")
.matching(true, "center", "left", "right", "justify", "char")
.onElements("p", "table")
// Iframe attributes
.allowAttributes("width", "height", "frameborder", "webkitallowfullscreen", "mozallowfullscreen", "allowfullscreen")
.onElements("iframe")
// Iframe sources: vimeo and youtube
.allowAttributes("src")
.matching(Pattern.compile("^((https:)?//player\\.vimeo\\.com/|(https:)?//www\\.youtube\\.com/).+"))
.onElements("iframe")
// Elements
.allowElements("table", "thead", "tbody", "tr", "td", "th", "tfoot", "a", "p", "div", "i", "b", "em", "blockquote", "tt", "strong", "br", "ul",
"ol", "li", "h1", "h2", "h3", "h4", "small", "pre", "code")
"ol", "li", "h1", "h2", "h3", "h4", "small", "pre", "code", "iframe")
// Get factory
.toFactory();
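Review bot: The `src` pattern for `iframe` pins the host but then accepts any path and query through the trailing `.+`, so any page on `www.youtube.com` or `player.vimeo.com` can be framed from user-supplied HTML, not only the player embeds. The optional `(https:)?` also lets protocol-relative URLs through. Consider limiting it to the embed paths and requiring https, e.g. `.matching(Pattern.compile("^https://(player\\.vimeo\\.com/video/\\d+|www\\.youtube\\.com/embed/[A-Za-z0-9_-]+)([?#].*)?$"))`. The comment above it could state that intent: `// Iframe sources: https-only player embeds from vimeo and youtube`. The builder chain starts outside this hunk, so whether a URL protocol allow-list also applies to `src` cannot be confirmed from here.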
......