fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Improve filtering of "allow" and "referrerpolicy" attributes of <iframe>

Browse source
This commit is contained in:
Kijin Sung 2023-08-16 22:41:14 +09:00
parent 2f97adb9bb
commit ea345ad7e1
2 changed files with 38 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tests/unit/framework/filters/HTMLFilterTest.php
View file

@ -118,6 +118,14 @@ class HTMLFilterTest extends \Codeception\TestCase\Test
$target = '<iframe title="Video Test" width="640" height="360" frameborder="0" scrolling="no"></iframe>';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source));
$source = '<iframe src="https://www.youtube.com/" allow="autoplay; nonexistent; disallowd-feature; encrypted-media; picture-in-picture" allowfullscreen></iframe>';
$target = '<iframe src="https://www.youtube.com/" allow="autoplay; encrypted-media; picture-in-picture" allowfullscreen=""></iframe>';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source));
$source = '<iframe src="https://www.youtube.com/" referrerpolicy="no-referrer" hello="world"></iframe>';
$target = '<iframe src="https://www.youtube.com/" referrerpolicy="no-referrer"></iframe>';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source));
$source = '<object type="application/x-shockwave-flash" width="640px" height="360px" align="middle" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,3,0,0">' .
'<param name="movie" value="http://videofarm.daum.net/controller/player/VodPlayer.swf" />' .
'<param name="allowScriptAccess" value="always" />' .