Changeset 2146 for plugins/apostrophePlugin/trunk/lib/form/BaseaMediaVideoEmbedForm.class.php

Timestamp:

09/08/10 12:02:13 (21 months ago)

Author:

tboutell

Message:

Added iframe to the list of tags allowed for media embed code purposes. It is an increasingly popular choice and has good cross-browser scripting protections, so there's really no reason to forbid it. We thought about allowing 'script' but it can be quite nasty and it's also not clear at all how to rewrite the width and height of the embedded gadget with 'script'

Files:

• plugins/apostrophePlugin/trunk/lib/form/BaseaMediaVideoEmbedForm.class.php (modified) (1 diff)

plugins/apostrophePlugin/trunk/lib/form/BaseaMediaVideoEmbedForm.class.php

@@ -25 +25 @@
   {
     // Don't let this become a way to embed arbitrary HTML
-    $value = trim(strip_tags($value, "<embed><object><param><applet>"));
+    $value = trim(strip_tags($value, "<embed><object><param><applet><iframe>"));
     // Kill any text outside of tags
     if (preg_match_all("/<.*?>/", $value, $matches))