diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2013-12-04 20:48:53 +0100 |
|---|---|---|
| committer | Alexandre Alapetite <alexandre@alapetite.fr>
| 2013-12-04 20:48:53 +0100 |
| commit | e45357a91b9aa47d5b7ead14c174dc7c98ab9926 (patch) | |
| tree | a9e8700a20a017ca87c2d4814d469eec87de670b /app/models/Feed.php | |
| parent | bdfea07d8c511eaa84cb5d32144fe07c43a85f94 (diff) | |
Support contrôlé de iframe, audio, video
Et filtrage de object, embed
https://github.com/marienfressinaud/FreshRSS/issues/188
On ajoute un paramètre preload="none" à audio et video, ainsi qu'un
paramètre sandbox="allow-scripts allow-same-origin" aux iframe.
On interdit les paramètres autoplay et seamless de audio et video.
Ré-écriture des URLS de l'attribut poster de video, ainsi que de
l'attribut src de iframe.
Suite de https://github.com/marienfressinaud/FreshRSS/issues/267
Au passage, filtrage du vieil élément PLAINTEXT.
Modifications dans SimplePie.
Diffstat (limited to 'app/models/Feed.php')
| -rw-r--r-- | app/models/Feed.php | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/app/models/Feed.php b/app/models/Feed.php index 555759c9a..88833c706 100644 --- a/app/models/Feed.php +++ b/app/models/Feed.php @@ -204,15 +204,15 @@ class Feed extends Model { $feed->set_cache_location (CACHE_PATH); $feed->set_cache_duration(1500); $feed->strip_htmltags (array ( - 'base', 'blink', 'body', 'doctype', + 'base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'input', 'marquee', 'meta', 'noscript', - 'param', 'script', 'style' + 'object', 'param', 'plaintext', 'script', 'style', )); $feed->strip_attributes(array_merge($feed->strip_attributes, array( - 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup', + 'autoplay', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup', 'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur', - 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange'))); + 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless'))); $feed->set_url_replacements(array( 'a' => 'href', 'area' => 'href', @@ -220,6 +220,7 @@ class Feed extends Model { 'blockquote' => 'cite', 'del' => 'cite', 'form' => 'action', + 'iframe' => 'src', 'img' => array( 'longdesc', 'src' @@ -229,7 +230,10 @@ class Feed extends Model { 'q' => 'cite', 'source' => 'src', 'track' => 'src', - 'video' => 'src', + 'video' => array( + 'poster', + 'src', + ), )); $feed->init (); @@ -581,7 +585,7 @@ class HelperFeed { $myFeed = new Feed (isset($dao['url']) ? $dao['url'] : '', false); $myFeed->_category ($catID === null ? $dao['category'] : $catID); $myFeed->_name ($dao['name']); - $myFeed->_website ($dao['website']); + $myFeed->_website ($dao['website'], false); $myFeed->_description (isset($dao['description']) ? $dao['description'] : ''); $myFeed->_lastUpdate (isset($dao['lastUpdate']) ? $dao['lastUpdate'] : 0); $myFeed->_priority ($dao['priority']); |