Commit c742ead0 authored by Dale Smith's avatar Dale Smith Committed by Aaron Wells

Adding 'allowfullscreen' to iframe elements in htmlpurifier

Bug 1534081

  * This alters the default allowed attributes for iframe and adds:
    - allowfullscreen
    - mozallowfullscreen
    - webkitallowfullscreen
    All are allowed 0, 1 or empty values.
  * This resolves issues with vimeo and youtube, who require these attributes before
    showing the fullscreen icon: https://developer.vimeo.com/player/embedding

behatnotneeded: Can't test Flash with behat

Change-Id: Ie57c3c3968c4f7cd58a544135351ef506aa6be11
parent eae645a9
......@@ -88,7 +88,7 @@ class PluginBlocktypeExternalvideo extends SystemBlocktype {
$width = (int) $width;
$height = (int) $height;
$url = hsc($url);
return '<iframe width="' . $width . '" height="' . $height . '" src="' . $url . '" frameborder=0></iframe>';
return '<iframe width="' . $width . '" height="' . $height . '" src="' . $url . '" frameborder=0 allowfullscreen mozallowfullscreen webkitallowfullscreen></iframe>';
}
public static function render_instance(BlockInstance $instance, $editing=false) {
......
......@@ -3927,5 +3927,11 @@ function xmldb_core_upgrade($oldversion=0) {
}
}
if ($oldversion < 2014092332) {
log_debug('Clear the HTMLPurifier cache');
require_once(get_config('docroot') . 'lib/file.php');
rmdirr(get_config('dataroot') . 'htmlpurifier');
}
return $status;
}
......@@ -16,7 +16,7 @@ $config = new stdClass();
// See https://wiki.mahara.org/wiki/Developer_Area/Version_Numbering_Policy
// For upgrades on stable branches, increment the version by one. On master, use the date.
$config->version = 2014092331;
$config->version = 2014092332;
$config->series = '1.10';
$config->release = '1.10.9testing';
$config->minupgradefrom = 2009022600;
......
......@@ -194,7 +194,7 @@ EOF;
tinyMCE.init({
{$tinymceconfig}
schema: 'html4',
extended_valid_elements : "object[width|height|classid|codebase],param[name|value],embed[src|type|width|height|flashvars|wmode],script[src,type,language],+ul[id|type|compact],iframe[src|width|height|align|title|class|type|frameborder|allowfullscreen]",
extended_valid_elements : "object[width|height|classid|codebase],param[name|value],embed[src|type|width|height|flashvars|wmode],script[src,type,language],+ul[id|type|compact],iframe[src|width|height|name|scrolling|frameborder|allowfullscreen|webkitallowfullscreen|mozallowfullscreen|longdesc|marginheight|marginwidth|align|title|class|type]",
urlconverter_callback : "custom_urlconvert",
language: '{$language}',
directionality: "{$tinymce_langdir}",
......@@ -3301,6 +3301,28 @@ function clean_html($text, $xhtml=false) {
if ($def = $config->maybeGetRawHTMLDefinition()) {
$def->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');
# Allow iframes with custom attributes such as fullscreen
# This overrides lib/htmlpurifier/HTMLPurifier/HTMLModule/Iframe.php
$def->addElement(
'iframe',
'Inline',
'Flow',
'Common',
array(
'src' => 'URI#embedded',
'width' => 'Length',
'height' => 'Length',
'name' => 'ID',
'scrolling' => 'Enum#yes,no,auto',
'frameborder' => 'Enum#0,1',
'allowfullscreen' => 'Enum#,0,1',
'webkitallowfullscreen' => 'Enum#,0,1',
'mozallowfullscreen' => 'Enum#,0,1',
'longdesc' => 'URI',
'marginheight' => 'Pixels',
'marginwidth' => 'Pixels',
)
);
// allow the tags used with image map to be rendered
// see http://htmlpurifier.org/phorum/read.php?3,5046
$def->addAttribute('img', 'usemap', 'CDATA');
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment