mirror of
https://github.com/vichan-devel/vichan.git
synced 2024-11-23 23:20:57 +01:00
Merge pull request #499 from vichan-devel/xss-embed
Removed regex with possibility of XSS
commit
ec8ae76d43
@ -1079,9 +1079,10 @@
|
||||
|
||||
// Custom embedding (YouTube, vimeo, etc.)
|
||||
// It's very important that you match the entire input (with ^ and $) or things will not work correctly.
|
||||
// Be careful when creating a new embed, because depending on the URL you end up exposing yourself to an XSS.
|
||||
$config['embedding'] = array(
|
||||
array(
|
||||
'/^https?:\/\/(\w+\.)?youtube\.com\/watch\?v=([a-zA-Z0-9\-_]{10,11})(&.+)?$/i',
|
||||
'/^https?:\/\/(\w+\.)?youtube\.com\/watch\?v=([a-zA-Z0-9\-_]{10,11})?$/i',
|
||||
'<iframe style="float: left; margin: 10px 20px;" width="%%tb_width%%" height="%%tb_height%%" frameborder="0" id="ytplayer" src="https://www.youtube.com/embed/$2"></iframe>'
|
||||
),
|
||||
array(
|
||||
|
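Review bot: The video-ID capture in the tightened YouTube pattern is left optional: in `{10,11})?$/i` the `?` that belonged to the removed `(&.+)` suffix now applies to the ID group, so `watch?v=` with no ID still matches and `$2` expands to an empty string inside the iframe `src`. Assuming the second of the two regex lines is the new side (the page has lost its +/- markers), dropping that `?` gives `'/^https?:\/\/(\w+\.)?youtube\.com\/watch\?v=([a-zA-Z0-9\-_]{10,11})$/i'`. Because the comment above stresses matching the entire input, the `D` modifier (`/iD`) is also worth adding, since without it `$` also matches just before a trailing newline; whether the input is trimmed before matching is not visible here. The `$config['embedding']` array continues past the end of the hunk.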