Allow support for allowlisted iframe sources in Content\text\BBCode::convert
- Support Youtube, Vimeo and unused local embeds
This commit is contained in:
parent
ec0c9dcdb1
commit
0781f28ca6
1 changed files with 8 additions and 0 deletions
|
|
@ -1876,6 +1876,14 @@ class BBCode
|
|||
|
||||
$config = \HTMLPurifier_HTML5Config::createDefault();
|
||||
$config->set('HTML.Doctype', 'HTML5');
|
||||
$config->set('HTML.SafeIframe', true);
|
||||
$config->set('URI.SafeIframeRegexp', '%^(?:
|
||||
https://www.youtube.com/embed/
|
||||
|
|
||||
https://player.vimeo.com/video/
|
||||
|
|
||||
' . DI::baseUrl() . '/oembed/ # Has to change with the source in Content\Oembed::iframe
|
||||
)%xi');
|
||||
$config->set('Attr.AllowedRel', [
|
||||
'noreferrer' => true,
|
||||
'noopener' => true,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue