strip_harmful_tags: remove data- attributes

[tt-rss.git] / plugins / no_iframes / init.php

diff --git a/plugins/no_iframes/init.php b/plugins/no_iframes/init.php
index c66d7abafa718f9f0349307f50566f83aa5dd2cb..18cc3ba17f76ea13a62abc63ca1e0c7ceeaec778 100644 (file)
--- a/plugins/no_iframes/init.php
+++ b/plugins/no_iframes/init.php
@@ -4,7 +4,7 @@ class No_Iframes extends Plugin {
 
        function about() {
                return array(1.0,
-                       "Remove embedded iframes",
+                       "Remove embedded iframes (unless whitelisted)",
                        "fox");
        }
 
@@ -14,9 +14,18 @@ class No_Iframes extends Plugin {
                $host->add_hook($host::HOOK_SANITIZE, $this);
        }
 
+       /**
+        * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+        */
        function hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes) {
 
-               $allowed_elements = array_diff($allowed_elements, array("iframe"));
+               $xpath = new DOMXpath($doc);
+               $entries = $xpath->query('//iframe');
+
+               foreach ($entries as $entry) {
+                       if (!iframe_whitelisted($entry))
+                               $entry->parentNode->removeChild($entry);
+               }
 
                return array($doc, $allowed_elements, $disallowed_attributes);
        }
@@ -25,5 +34,4 @@ class No_Iframes extends Plugin {
                return 2;
        }
 
-}
-?>
+}
\ No newline at end of file