Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
Genesys PGR
Genesys Backend
Commits
b2906aba
Commit
b2906aba
authored
Dec 01, 2015
by
Matija Obreza
Browse files
Allow youtube and vimeo videos in iframes (OWASP sanitizer rules)
parent
edb4cacf
Changes
1
Hide whitespace changes
Inline
Side-by-side
src/main/java/org/genesys2/server/service/impl/OWASPSanitizer.java
View file @
b2906aba
...
...
@@ -54,9 +54,17 @@ public class OWASPSanitizer implements HtmlSanitizer {
.
allowAttributes
(
"align"
)
.
matching
(
true
,
"center"
,
"left"
,
"right"
,
"justify"
,
"char"
)
.
onElements
(
"p"
,
"table"
)
// Iframe attributes
.
allowAttributes
(
"width"
,
"height"
,
"frameborder"
,
"webkitallowfullscreen"
,
"mozallowfullscreen"
,
"allowfullscreen"
)
.
onElements
(
"iframe"
)
// Iframe sources: vimeo and youtube
.
allowAttributes
(
"src"
)
.
matching
(
Pattern
.
compile
(
"^((https:)?//player\\.vimeo\\.com/|(https:)?//www\\.youtube\\.com/).+"
))
.
onElements
(
"iframe"
)
// Elements
.
allowElements
(
"table"
,
"thead"
,
"tbody"
,
"tr"
,
"td"
,
"th"
,
"tfoot"
,
"a"
,
"p"
,
"div"
,
"i"
,
"b"
,
"em"
,
"blockquote"
,
"tt"
,
"strong"
,
"br"
,
"ul"
,
"ol"
,
"li"
,
"h1"
,
"h2"
,
"h3"
,
"h4"
,
"small"
,
"pre"
,
"code"
)
"ol"
,
"li"
,
"h1"
,
"h2"
,
"h3"
,
"h4"
,
"small"
,
"pre"
,
"code"
,
"iframe"
)
// Get factory
.
toFactory
();
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment