Use htmlpurifier in external media block

Bug #971289 reported by Richard Mansfield on 2012-04-02
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Richard Mansfield

Bug Description

We should remove custom parsing code from the external media block where possible, and just let HTML Purifier filter the code when we detect that the user has pasted embed code (as opposed to just a URL). This will remove code duplication.


Changed in mahara:
milestone: none → 1.6.0

Submitter: Hugh Davenport (<email address hidden>)
Branch: master

commit c5753d29f59f14e8d8a1c6b5a94c2d456f46e724
Author: Richard Mansfield <email address hidden>
Date: Mon Apr 2 16:52:01 2012 +1200

    Use htmlpurifier in external media block (bug #971289)

    Now that SafeEmbed and SafeIframe options of htmlpurifier are enabled,
    the external media block can make use of them, rather than always
    trying to parse and generate iframe and embed code for the supported

    Any html pasted into the block configuration form is now allowed to
    fall through to be sanitised by htmlpurfier, so the site-wide list of
    allowed iframe sites will be used rather than the existing list of
    supported sites in the external media block.

    Valid URLs pasted into the configuration form are still processed by
    the various media_sources regular expressions in
    blocktype/externalvideo/media_sources/*/mediasource.php, but the
    regexes that were previously designed to operate on embed/iframe code
    have been removed, and the remaining ones have been modified to match
    at the beginning of a url only.

    When a URL is entered, and the block saved, the embed/iframe code to
    be used when rendering the block is generated immediately, and
    subsequent edits of the block will reveal only the generated
    embed/iframe html. The render_instance function will still generate
    the required embed code for old blocks that haven't been reconfigured

    The glogster scraping code is also tightened slightly to ensure that a
    URL is returned.


    Change-Id: I7024ab946f8a6965e78730eb1daa3441f220a10b
    Signed-off-by: Richard Mansfield <email address hidden>

Changed in mahara:
status: In Progress → Fix Committed
Melissa Draper (melissa) on 2012-09-17
tags: added: newfeature1.6

Hash: SHA1

 status fixreleased
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints