Use htmlpurifier in external media block

Bug #971289 reported by Richard Mansfield
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
Wishlist
Richard Mansfield

Bug Description

We should remove custom parsing code from the external media block where possible, and just let HTML Purifier filter the code when we detect that the user has pasted embed code (as opposed to just a URL). This will remove code duplication.

See https://wiki.mahara.org/index.php/Developer_Area/Specifications_in_Development/External_media_block_extension

Changed in mahara:
milestone: none → 1.6.0
Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/1140
Committed: http://gitorious.org/mahara/mahara/commit/c5753d29f59f14e8d8a1c6b5a94c2d456f46e724
Submitter: Hugh Davenport (<email address hidden>)
Branch: master

commit c5753d29f59f14e8d8a1c6b5a94c2d456f46e724
Author: Richard Mansfield <email address hidden>
Date: Mon Apr 2 16:52:01 2012 +1200

    Use htmlpurifier in external media block (bug #971289)

    Now that SafeEmbed and SafeIframe options of htmlpurifier are enabled,
    the external media block can make use of them, rather than always
    trying to parse and generate iframe and embed code for the supported
    sites.

    Any html pasted into the block configuration form is now allowed to
    fall through to be sanitised by htmlpurfier, so the site-wide list of
    allowed iframe sites will be used rather than the existing list of
    supported sites in the external media block.

    Valid URLs pasted into the configuration form are still processed by
    the various media_sources regular expressions in
    blocktype/externalvideo/media_sources/*/mediasource.php, but the
    regexes that were previously designed to operate on embed/iframe code
    have been removed, and the remaining ones have been modified to match
    at the beginning of a url only.

    When a URL is entered, and the block saved, the embed/iframe code to
    be used when rendering the block is generated immediately, and
    subsequent edits of the block will reveal only the generated
    embed/iframe html. The render_instance function will still generate
    the required embed code for old blocks that haven't been reconfigured
    yet.

    The glogster scraping code is also tightened slightly to ensure that a
    URL is returned.

    See https://wiki.mahara.org/index.php/Developer_Area/Specifications_in_Development/External_media_block_extension

    Change-Id: I7024ab946f8a6965e78730eb1daa3441f220a10b
    Signed-off-by: Richard Mansfield <email address hidden>

Changed in mahara:
status: In Progress → Fix Committed
Melissa Draper (melissa)
tags: added: newfeature1.6
Revision history for this message
Hugh Davenport (hugh-davenport) wrote :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 status fixreleased
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iJwEAQECAAYFAlCbHO8ACgkQuMoJ2LQ3zxH8TAP/YN4BiCJZsn5a899/0UzV31Qg
lM8LXAwZWa6zFv6t0BQUHCqe6eFK9wPp51qgCWWXjUZ3vvvVcsyeWp6626aBFKSU
pCQXI9E7huPw802nJQ9WcZXRBUmgw87ww72Tx4mybnu7SPSrkZgXdnPGSMwDs89N
oWvTpl7Xuac48e6p0lU=
=ouU+
-----END PGP SIGNATURE-----

Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Related blueprints

Remote bug watches

Bug watches keep track of this bug in other bug trackers.