[Mahara-contributors] [Bug 1563641] Re: Rewrite "mixed content" URLs via an HTMLPurifier custom filter
** Changed in: mahara Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1563641 Title: Rewrite "mixed content" URLs via an HTMLPurifier custom filter Status in Mahara: Fix Released Bug description: "Mixed content" refers to the scenario where a web page is served via HTTPS, but it includes assets that are served via an HTTP URL. See https://developer.mozilla.org/en-US/docs/Security/Mixed_content for some discussion of this. In Bug 1463629 we fixed this issue for embedded iframes, by patching the HTMLPurifier core class HTMLPurifier_URIFilter_SafeIframe so that, in addition to filtering iframes for an allowed set of URLs, it also transformed them from HTTPS to HTTP if needed. After having recently done some work on HTMLPurifier for other bugs, and becoming more familiar with their API, it now becomes apparent to me that this was a bit of a hack (patching core code should have told me this anyway). What we should have done is, instead, write up a new custom URIFilter specifically for rewriting URI's from HTTP to HTTPS in this way, and used that instead. Doing it that way will make future HTMLPurifier upgrades easier, by eliminating the need to patch that file. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1563641/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1563641] Re: Rewrite "mixed content" URLs via an HTMLPurifier custom filter
** Changed in: mahara Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1563641 Title: Rewrite "mixed content" URLs via an HTMLPurifier custom filter Status in Mahara: Fix Committed Bug description: "Mixed content" refers to the scenario where a web page is served via HTTPS, but it includes assets that are served via an HTTP URL. See https://developer.mozilla.org/en-US/docs/Security/Mixed_content for some discussion of this. In Bug 1463629 we fixed this issue for embedded iframes, by patching the HTMLPurifier core class HTMLPurifier_URIFilter_SafeIframe so that, in addition to filtering iframes for an allowed set of URLs, it also transformed them from HTTPS to HTTP if needed. After having recently done some work on HTMLPurifier for other bugs, and becoming more familiar with their API, it now becomes apparent to me that this was a bit of a hack (patching core code should have told me this anyway). What we should have done is, instead, write up a new custom URIFilter specifically for rewriting URI's from HTTP to HTTPS in this way, and used that instead. Doing it that way will make future HTMLPurifier upgrades easier, by eliminating the need to patch that file. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1563641/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1563641] Re: Rewrite "mixed content" URLs via an HTMLPurifier custom filter
** Changed in: mahara Status: Confirmed => In Progress -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1563641 Title: Rewrite "mixed content" URLs via an HTMLPurifier custom filter Status in Mahara: In Progress Bug description: "Mixed content" refers to the scenario where a web page is served via HTTPS, but it includes assets that are served via an HTTP URL. See https://developer.mozilla.org/en-US/docs/Security/Mixed_content for some discussion of this. In Bug 1463629 we fixed this issue for embedded iframes, by patching the HTMLPurifier core class HTMLPurifier_URIFilter_SafeIframe so that, in addition to filtering iframes for an allowed set of URLs, it also transformed them from HTTPS to HTTP if needed. After having recently done some work on HTMLPurifier for other bugs, and becoming more familiar with their API, it now becomes apparent to me that this was a bit of a hack (patching core code should have told me this anyway). What we should have done is, instead, write up a new custom URIFilter specifically for rewriting URI's from HTTP to HTTPS in this way, and used that instead. Doing it that way will make future HTMLPurifier upgrades easier, by eliminating the need to patch that file. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1563641/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1563641] Re: Rewrite "mixed content" URLs via an HTMLPurifier custom filter
To be revisited when we upgrade HTMLpurifier for 19.04 ** Changed in: mahara Milestone: 18.10.0 => 19.04.0 ** Changed in: mahara Assignee: (unassigned) => Cecilia Vela Gurovic (ceciliavg) -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1563641 Title: Rewrite "mixed content" URLs via an HTMLPurifier custom filter Status in Mahara: Confirmed Bug description: "Mixed content" refers to the scenario where a web page is served via HTTPS, but it includes assets that are served via an HTTP URL. See https://developer.mozilla.org/en-US/docs/Security/Mixed_content for some discussion of this. In Bug 1463629 we fixed this issue for embedded iframes, by patching the HTMLPurifier core class HTMLPurifier_URIFilter_SafeIframe so that, in addition to filtering iframes for an allowed set of URLs, it also transformed them from HTTPS to HTTP if needed. After having recently done some work on HTMLPurifier for other bugs, and becoming more familiar with their API, it now becomes apparent to me that this was a bit of a hack (patching core code should have told me this anyway). What we should have done is, instead, write up a new custom URIFilter specifically for rewriting URI's from HTTP to HTTPS in this way, and used that instead. Doing it that way will make future HTMLPurifier upgrades easier, by eliminating the need to patch that file. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1563641/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1563641] Re: Rewrite "mixed content" URLs via an HTMLPurifier custom filter
** Changed in: mahara Milestone: 18.04.0 => 18.10.0 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1563641 Title: Rewrite "mixed content" URLs via an HTMLPurifier custom filter Status in Mahara: Confirmed Bug description: "Mixed content" refers to the scenario where a web page is served via HTTPS, but it includes assets that are served via an HTTP URL. See https://developer.mozilla.org/en-US/docs/Security/Mixed_content for some discussion of this. In Bug 1463629 we fixed this issue for embedded iframes, by patching the HTMLPurifier core class HTMLPurifier_URIFilter_SafeIframe so that, in addition to filtering iframes for an allowed set of URLs, it also transformed them from HTTPS to HTTP if needed. After having recently done some work on HTMLPurifier for other bugs, and becoming more familiar with their API, it now becomes apparent to me that this was a bit of a hack (patching core code should have told me this anyway). What we should have done is, instead, write up a new custom URIFilter specifically for rewriting URI's from HTTP to HTTPS in this way, and used that instead. Doing it that way will make future HTMLPurifier upgrades easier, by eliminating the need to patch that file. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1563641/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1563641] Re: Rewrite "mixed content" URLs via an HTMLPurifier custom filter
** Changed in: mahara Milestone: 17.10.0 => 18.04.0 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1563641 Title: Rewrite "mixed content" URLs via an HTMLPurifier custom filter Status in Mahara: Confirmed Bug description: "Mixed content" refers to the scenario where a web page is served via HTTPS, but it includes assets that are served via an HTTP URL. See https://developer.mozilla.org/en-US/docs/Security/Mixed_content for some discussion of this. In Bug 1463629 we fixed this issue for embedded iframes, by patching the HTMLPurifier core class HTMLPurifier_URIFilter_SafeIframe so that, in addition to filtering iframes for an allowed set of URLs, it also transformed them from HTTPS to HTTP if needed. After having recently done some work on HTMLPurifier for other bugs, and becoming more familiar with their API, it now becomes apparent to me that this was a bit of a hack (patching core code should have told me this anyway). What we should have done is, instead, write up a new custom URIFilter specifically for rewriting URI's from HTTP to HTTPS in this way, and used that instead. Doing it that way will make future HTMLPurifier upgrades easier, by eliminating the need to patch that file. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1563641/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1563641] Re: Rewrite "mixed content" URLs via an HTMLPurifier custom filter
** Changed in: mahara Assignee: Aaron Wells (u-aaronw) => (unassigned) ** Tags added: htmlpurifier ** Changed in: mahara Importance: Low => Medium ** Changed in: mahara Milestone: 17.04.0 => 17.10.0 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1563641 Title: Rewrite "mixed content" URLs via an HTMLPurifier custom filter Status in Mahara: Confirmed Bug description: "Mixed content" refers to the scenario where a web page is served via HTTPS, but it includes assets that are served via an HTTP URL. See https://developer.mozilla.org/en-US/docs/Security/Mixed_content for some discussion of this. In Bug 1463629 we fixed this issue for embedded iframes, by patching the HTMLPurifier core class HTMLPurifier_URIFilter_SafeIframe so that, in addition to filtering iframes for an allowed set of URLs, it also transformed them from HTTPS to HTTP if needed. After having recently done some work on HTMLPurifier for other bugs, and becoming more familiar with their API, it now becomes apparent to me that this was a bit of a hack (patching core code should have told me this anyway). What we should have done is, instead, write up a new custom URIFilter specifically for rewriting URI's from HTTP to HTTPS in this way, and used that instead. Doing it that way will make future HTMLPurifier upgrades easier, by eliminating the need to patch that file. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1563641/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1563641] Re: Rewrite "mixed content" URLs via an HTMLPurifier custom filter
** Changed in: mahara Milestone: 16.10.1 => 17.04.0 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1563641 Title: Rewrite "mixed content" URLs via an HTMLPurifier custom filter Status in Mahara: Confirmed Bug description: "Mixed content" refers to the scenario where a web page is served via HTTPS, but it includes assets that are served via an HTTP URL. See https://developer.mozilla.org/en-US/docs/Security/Mixed_content for some discussion of this. In Bug 1463629 we fixed this issue for embedded iframes, by patching the HTMLPurifier core class HTMLPurifier_URIFilter_SafeIframe so that, in addition to filtering iframes for an allowed set of URLs, it also transformed them from HTTPS to HTTP if needed. After having recently done some work on HTMLPurifier for other bugs, and becoming more familiar with their API, it now becomes apparent to me that this was a bit of a hack (patching core code should have told me this anyway). What we should have done is, instead, write up a new custom URIFilter specifically for rewriting URI's from HTTP to HTTPS in this way, and used that instead. Doing it that way will make future HTMLPurifier upgrades easier, by eliminating the need to patch that file. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1563641/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1563641] Re: Rewrite "mixed content" URLs via an HTMLPurifier custom filter
** Changed in: mahara Milestone: 16.10.0 => 16.10.1 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1563641 Title: Rewrite "mixed content" URLs via an HTMLPurifier custom filter Status in Mahara: Confirmed Bug description: "Mixed content" refers to the scenario where a web page is served via HTTPS, but it includes assets that are served via an HTTP URL. See https://developer.mozilla.org/en-US/docs/Security/Mixed_content for some discussion of this. In Bug 1463629 we fixed this issue for embedded iframes, by patching the HTMLPurifier core class HTMLPurifier_URIFilter_SafeIframe so that, in addition to filtering iframes for an allowed set of URLs, it also transformed them from HTTPS to HTTP if needed. After having recently done some work on HTMLPurifier for other bugs, and becoming more familiar with their API, it now becomes apparent to me that this was a bit of a hack (patching core code should have told me this anyway). What we should have done is, instead, write up a new custom URIFilter specifically for rewriting URI's from HTTP to HTTPS in this way, and used that instead. Doing it that way will make future HTMLPurifier upgrades easier, by eliminating the need to patch that file. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1563641/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1563641] Re: Rewrite "mixed content" URLs via an HTMLPurifier custom filter
See http://htmlpurifier.org/docs/enduser-uri-filter.html for details about how to write a custom URI filter. -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1563641 Title: Rewrite "mixed content" URLs via an HTMLPurifier custom filter Status in Mahara: Confirmed Bug description: "Mixed content" refers to the scenario where a web page is served via HTTPS, but it includes assets that are served via an HTTP URL. See https://developer.mozilla.org/en-US/docs/Security/Mixed_content for some discussion of this. In Bug 1463629 we fixed this issue for embedded iframes, by patching the HTMLPurifier core class HTMLPurifier_URIFilter_SafeIframe so that, in addition to filtering iframes for an allowed set of URLs, it also transformed them from HTTPS to HTTP if needed. After having recently done some work on HTMLPurifier for other bugs, and becoming more familiar with their API, it now becomes apparent to me that this was a bit of a hack (patching core code should have told me this anyway). What we should have done is, instead, write up a new custom URIFilter specifically for rewriting URI's from HTTP to HTTPS in this way, and used that instead. Doing it that way will make future HTMLPurifier upgrades easier, by eliminating the need to patch that file. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1563641/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
