Reviewed: https://reviews.mahara.org/c/mahara/+/13229 Committed: https://git.mahara.org/mahara/mahara/commit/3611d15a8d3704508e858059ccd347a06ba6a2ed Submitter: "Robert Lyon <[email protected]>" Branch: main
commit 3611d15a8d3704508e858059ccd347a06ba6a2ed Author: Nathan Nguyen <[email protected]> Date: Thu Oct 13 14:22:36 2022 +1100 Bug#1992702 add style as allowed attribute for iframe HTML purifier remove style attribute from iframe. Some embed contents (such as those generated from Canva) require 'style' so that they can be displayed properly Change-Id: Ie66616d8a17177f342389165954e13015d1dd26b -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: mahara-contributors https://bugs.launchpad.net/bugs/1992702 Title: Allow a certain style attribute in HTMLPurifier for Canva iframe Status in Mahara: Fix Committed Bug description: We have embed code generated by Canva However, Htmlpurifier removes 'style' attribute on iframe and hence the embed content is not displayed properly. I am looking to add 'style' as allowed attribute for iframe, but it may have some security implication, refer https://bugs.launchpad.net/mahara/+bug/1843154 There is another option, that is using 'class', but it will require user to change the embed code. Example embed code <div style="position: relative; width: 100%; height: 0; padding-top: 56.2500%; padding-bottom: 0; box-shadow: 0 2px 8px 0 rgba(63,69,81,0.16); margin-top: 1.6em; margin-bottom: 0.9em; overflow: hidden; border-radius: 8px; will-change: transform;"> <iframe loading="lazy" style="position: absolute; width: 100%; height: 100%; top: 0; left: 0; border: none; padding: 0;margin: 0;" src="https://sourceurl"; allowfullscreen="allowfullscreen" allow="fullscreen"> </iframe> </div> To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1992702/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
