Google Git
Sign in
gerrit / gitiles / ee0b06edc0b46bea1c78e5bd3bdc2a70a39688eb
commitee0b06edc0b46bea1c78e5bd3bdc2a70a39688eb[log] [tgz]
authorShawn Pearce <sop@google.com>Fri Feb 13 00:13:01 2015 -0800
committerShawn Pearce <sop@google.com>Fri Feb 13 22:21:38 2015 -0800
treefba90836e1920c37d2c04aa669eb3816ac6c3849
parent9119b64c6f6bba5f979c89cc93ac7695efb60bfd [diff]
Markdown: optionally allow limited <iframe> tags

Allow the Gitiles administrator to set markdown.allowiframe to
a list of http:// or https:// URL prefixes that are considered
trustworthy enough to be embedded inside of iframes within the
markdown served by this Gitiles instance.

Implement a new strict parser for the <iframe> element inside of
the markdown extension, pulling out only the src, height and width
attributes. Other iframe attributes will cause the entire element
to be recognized as raw HTML and dropped by the parser and formatter.

Apply strict validation on the src attribute, dropping the iframe
if it is not acceptable.

Change-Id: I7d5decd9f0dbfa2acf1e4f59e571ac5518067d4a
7 files changed
tree: fba90836e1920c37d2c04aa669eb3816ac6c3849
  1. .settings/
  2. gitiles-dev/
  3. gitiles-servlet/
  4. gitiles-war/
  5. lib/
  6. tools/
  7. bucklets
  8. .buckversionbucklets/buckversion
  9. .watchmanconfigbucklets/watchmanconfig
  10. fake_pom_install.xmlfake_pom_deploy.xml
  11. .buckconfig
  12. .gitignore
  13. .gitmodules
  14. BUCK
  15. bucklets.defs
  16. COPYING
  17. fake_pom_deploy.xml
  18. README
  19. VERSION