Commit 49d1c1b9 authored by Cecilia Vela Gurovic's avatar Cecilia Vela Gurovic

Bug 1563641: "mixed content" URLs via an HTMLPurifier custom filter

behatnotneeded

Change-Id: I8c3b5facad985b997848f93a50398a397922f4af
parent 597fdaac
......@@ -64,13 +64,6 @@ class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter
if (!preg_match($this->regexp, $uri->toString())) {
return false;
}
// Make sure that if we're an HTTPS site, the iframe is also HTTPS
if (is_https() && $uri->scheme == 'http') {
// Convert it to a protocol-relative URL
$uri->scheme = null;
}
return $uri;
}
}
......
<?php
class HTMLPurifier_URIFilter_MixedContent extends HTMLPurifier_URIFilter {
public $name = 'MixedContent';
public function filter(&$uri, $config, $context) {
// Make sure that if we're an HTTPS site, the iframe is also HTTPS
if (is_https() && $uri->scheme == 'http') {
// Convert it to a protocol-relative URL
$uri->scheme = null;
}
return $uri;
}
}
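Review bot: `filter()` rewrites every `http` URI that HTMLPurifier passes through it, ordinary `<a href>` links included, while the comment carried over from SafeIframe still says "the iframe is also HTTPS". Browsers apply mixed-content blocking to embedded resources, not to navigation, so dropping the scheme on a link sends readers on an HTTPS site to the `https` form of a target that may not serve it. If the intent is only to avoid mixed-content warnings, guard the top of the method with `if (!$context->get('EmbeddedURI', true)) { return $uri; }`. The comment could then read `// On an HTTPS site, make embedded http:// resources protocol-relative so they load over HTTPS`.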
......@@ -3848,6 +3848,10 @@ function clean_html($text, $xhtml=false) {
$config->set('Filter.Custom', $customfilters);
}
require_once('htmlpurifiercustom/MixedContent.php');
$uri = $config->getDefinition('URI');
$uri->addFilter(new HTMLPurifier_URIFilter_MixedContent(), $config);
if ($def = $config->maybeGetRawHTMLDefinition()) {
$def->addAttribute('a', 'target', 'Enum#_blank,_self');
# Allow iframes with custom attributes such as fullscreen
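Review bot: `$uri` here holds the URI definition object returned by `getDefinition('URI')`, not a URI, which reads confusingly beside the filter's own `$uri` parameter; `$uridef = $config->getDefinition('URI');` would be clearer. The added lines also carry no comment saying why the filter is registered for all cleaned HTML. A line such as `// Avoid mixed content: make http:// URIs protocol-relative when the site is served over HTTPS` would record the intent. clean_html() starts and ends outside this hunk.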
......