-
Richard Mansfield authored
Dots in the list of safe iframe sources are not escaped before use in the regular expression passed to htmlpurifier, but they should be because of their special meaning inside patterns. This will prevent people from registering domains like 'www-youtube.com' and 'playerxvimeo.com' and embedding iframes from those sites in their pages. Change-Id: I94ceedd77172cbb6650efad0ab7edfae92f5f7e8 Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>
a7e74fe9