detect whether browser supports iframe.sandbox and allow iframes accordingly; allow...

author Andrew Dolgov <fox@madoka.volgo-balt.ru>

Tue, 19 Mar 2013 08:49:55 +0000 (12:49 +0400)

committer Andrew Dolgov <fox@madoka.volgo-balt.ru>

Tue, 19 Mar 2013 08:49:55 +0000 (12:49 +0400)
author Andrew Dolgov <fox@madoka.volgo-balt.ru>
Tue, 19 Mar 2013 08:49:55 +0000 (12:49 +0400)
committer Andrew Dolgov <fox@madoka.volgo-balt.ru>
Tue, 19 Mar 2013 08:49:55 +0000 (12:49 +0400)
diff --git a/classes/rpc.php b/classes/rpc.php

index 5d77b1ae8530aa2344c101334d41de391e64ca9c..b297bbade5e3f2dd50a7fafa1d3f47aef87d5913 100644 (file)
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -285,6 +285,7 @@ class RPC extends Handler_Protected {
  
         function sanityCheck() {
                 $_SESSION["hasAudio"] = $_REQUEST["hasAudio"] === "true";
+               $_SESSION["hasSandbox"] = $_REQUEST["hasSandbox"] === "true";
  
                 $reply = array();
  
diff --git a/include/functions.php b/include/functions.php

index 0e5d15eaffbcc7e5f08ea5b0300c46cec7bcde6b..50bdc13ae644d3ffc0d92fe7495b24d43a0c5e0c 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -2626,7 +2626,9 @@
  
                 $allowed_elements = array('p', 'br', 'div', 'table', 'tr', 'td', 'th',
                         'ul', 'ol', 'li', 'blockquote', 'span', 'html', 'body', 'a', 'img',
-                       'iframe', 'video', 'audio', 'source');
+                       'video', 'audio', 'source', 'object', 'embed');
+
+               if ($_SESSION['hasSandbox']) array_push($allowed_elements, 'iframe');
  
                 $disallowed_attributes = array('id', 'style', 'class');
  
diff --git a/js/tt-rss.js b/js/tt-rss.js

index 5ada64d316309c1b2affc6bcf95588841cf56a72..5968f58eb69dc229999101b4b28af41a596fd105 100644 (file)
--- a/js/tt-rss.js
+++ b/js/tt-rss.js
@@ -244,9 +244,11 @@ function init() {
                 loading_set_progress(20);
  
                 var hasAudio = !!((myAudioTag = document.createElement('audio')).canPlayType);
+               var hasSandbox = "sandbox" in document.createElement("iframe");
  
                 new Ajax.Request("backend.php", {
-                       parameters: {op: "rpc", method: "sanityCheck", hasAudio: hasAudio},
+                       parameters: {op: "rpc", method: "sanityCheck", hasAudio: hasAudio,
+                               hasSandbox: hasSandbox},
                         onComplete: function(transport) {
                                         backend_sanity_check_callback(transport);
                                 } });
author	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Tue, 19 Mar 2013 08:49:55 +0000 (12:49 +0400)
committer	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Tue, 19 Mar 2013 08:49:55 +0000 (12:49 +0400)
classes/rpc.php		patch \| blob \| history
include/functions.php		patch \| blob \| history
js/tt-rss.js		patch \| blob \| history