heronyang / pagedown

Automatically exported from code.google.com/p/pagedown
Other
0 stars 0 forks source link

Whitelisted iframes don't show up with Sanitizer #68

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Use Pagedown Sanitizer
2. Add 'iframe' to basic_tag_whitelist
3. Still unable to see contents of iframe in generated preview

What is the expected output? What do you see instead?
- an Iframe

What version of the product are you using? On what operating system?
- Latest, W8.1, Chrome latest

Please provide any additional information below.
That's about it - just trying to use the sanitizer with iframes.  

Original issue reported on code.google.com by mga2...@gmail.com on 30 Nov 2013 at 2:31

GoogleCodeExporter commented 9 years ago
sample iframe (I think it's because the iframe isn't immediately closed): 

<iframe width="560" height="315" src="//www.youtube.com/embed/xHUQ5C_yMo4" 
frameborder="0" allowfullscreen></iframe>  <p>ss</p> 

Original comment by mga2...@gmail.com on 30 Nov 2013 at 2:34

GoogleCodeExporter commented 9 years ago
If you just add "iframe" to the tag whitelist, all you're whitelisting is

    <iframe></iframe>

If you want to be able to have attributes, you have to explicitly allow any 
combination you want (look at how it's done with images for an example).

Like every sanitizer should, this one disallows everything by default.

Original comment by b...@stackoverflow.com on 30 Nov 2013 at 8:39