Use htmlpurifier in external media block
Bug #971289 reported by
Richard Mansfield
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Wishlist
|
Richard Mansfield |
Bug Description
We should remove custom parsing code from the external media block where possible, and just let HTML Purifier filter the code when we detect that the user has pasted embed code (as opposed to just a URL). This will remove code duplication.
Changed in mahara: | |
milestone: | none → 1.6.0 |
Changed in mahara: | |
status: | In Progress → Fix Committed |
tags: | added: newfeature1.6 |
To post a comment you must log in.
Reviewed: https:/ /reviews. mahara. org/1140 gitorious. org/mahara/ mahara/ commit/ c5753d29f59f14e 8d8a1c6b5a94c2d 456f46e724
Committed: http://
Submitter: Hugh Davenport (<email address hidden>)
Branch: master
commit c5753d29f59f14e 8d8a1c6b5a94c2d 456f46e724
Author: Richard Mansfield <email address hidden>
Date: Mon Apr 2 16:52:01 2012 +1200
Use htmlpurifier in external media block (bug #971289)
Now that SafeEmbed and SafeIframe options of htmlpurifier are enabled,
the external media block can make use of them, rather than always
trying to parse and generate iframe and embed code for the supported
sites.
Any html pasted into the block configuration form is now allowed to
fall through to be sanitised by htmlpurfier, so the site-wide list of
allowed iframe sites will be used rather than the existing list of
supported sites in the external media block.
Valid URLs pasted into the configuration form are still processed by externalvideo/ media_sources/ */mediasource. php, but the
the various media_sources regular expressions in
blocktype/
regexes that were previously designed to operate on embed/iframe code
have been removed, and the remaining ones have been modified to match
at the beginning of a url only.
When a URL is entered, and the block saved, the embed/iframe code to
be used when rendering the block is generated immediately, and
subsequent edits of the block will reveal only the generated
embed/iframe html. The render_instance function will still generate
the required embed code for old blocks that haven't been reconfigured
yet.
The glogster scraping code is also tightened slightly to ensure that a
URL is returned.
See https:/ /wiki.mahara. org/index. php/Developer_ Area/Specificat ions_in_ Development/ External_ media_block_ extension
Change-Id: I7024ab946f8a69 65e78730eb1daa3 441f220a10b
Signed-off-by: Richard Mansfield <email address hidden>