** Changed in: mahara
Milestone: 18.04.0 => 18.10.0
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before editing or unsubscribing it!
Rewrite "mixed content" URLs via an HTMLPurifier custom filter
Status in Mahara:
"Mixed content" refers to the scenario where a web page is served via
HTTPS, but it includes assets that are served via an HTTP URL. See
some discussion of this.
In Bug 1463629 we fixed this issue for embedded iframes, by patching
the HTMLPurifier core class HTMLPurifier_URIFilter_SafeIframe so that,
in addition to filtering iframes for an allowed set of URLs, it also
transformed them from HTTPS to HTTP if needed.
After having recently done some work on HTMLPurifier for other bugs,
and becoming more familiar with their API, it now becomes apparent to
me that this was a bit of a hack (patching core code should have told
me this anyway). What we should have done is, instead, write up a new
custom URIFilter specifically for rewriting URI's from HTTP to HTTPS
in this way, and used that instead.
Doing it that way will make future HTMLPurifier upgrades easier, by
eliminating the need to patch that file.
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~mahara-contributors
Post to : firstname.lastname@example.org
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp