Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add option for safe iframe hosts using array lookup #423

Merged
merged 2 commits into from
Nov 10, 2024
Merged

feat: Add option for safe iframe hosts using array lookup #423

merged 2 commits into from
Nov 10, 2024

Conversation

elirenato
Copy link
Contributor

Hi,

First of all, thank you for this awesome library.

I would like to know if you would consider adding a new option to use a list of "safe" iframe hosts in addition to SafeIframeRegExp.

I’m also starting to include Docker files to make it easier to bootstrap the development environment. I can remove them if needed.

Thank you

@elirenato elirenato changed the title Added URI.SafeIframeHosts feat: Add option for safe iframe hosts using array lookup Nov 6, 2024
ezyang
ezyang reviewed Nov 7, 2024
View reviewed changes
Dockerfile Outdated Show resolved Hide resolved
@elirenato elirenato force-pushed the add-safe-iframe-hosts-config branch from 9b66bca to d2d87dd Compare November 7, 2024 21:43
ezyang
ezyang reviewed Nov 9, 2024
View reviewed changes
library/HTMLPurifier/URIFilter/SafeIframe.php Outdated
// check if the host is in a whitelist for safe iframe hosts
if ($safeHosts !== null && !isset($safeHosts[$uri->host])) {
return false;
}
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You know what, I was wrong, disjunction actually seems right 🤣 Because it's a whitelist. So you can whitelist some urls with regex and also whitelist some hosts with safe host...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No problem. I changed it back. Thanks.

@elirenato elirenato force-pushed the add-safe-iframe-hosts-config branch from d2d87dd to 93ec6fd Compare November 9, 2024 19:09
elirenato and others added 2 commits November 9, 2024 11:11
@elirenato
Added URI.SafeIframeHosts
93ec6fd 
* Added new option `URI.SafeIframeHosts` to use an array lookup with whitelisted hosts in conjunction to `URI.SafeIframeRegexp`.
@ezyang
Merge remote-tracking branch 'origin/master' into add-safe-iframe-hos…
f821716 
…ts-config
@ezyang ezyang merged commit b5cbf0c into ezyang:master Nov 10, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ezyang ezyang ezyang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@elirenato @ezyang