From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 25 Nov 2014 15:40:19 +0000 (+0300)
Subject: no_iframes: remove everything except good iframes
X-Git-Tag: 1.15~9
X-Git-Url: https://git.wh0rd.org/?p=tt-rss.git;a=commitdiff_plain;h=e8a0d290c0622d8f1d008e92c4bc56fd701a8b68

no_iframes: remove everything except good iframes
---

diff --git a/plugins/no_iframes/init.php b/plugins/no_iframes/init.php
index c66d7aba..35f7187f 100644
--- a/plugins/no_iframes/init.php
+++ b/plugins/no_iframes/init.php
@@ -4,7 +4,7 @@ class No_Iframes extends Plugin {
 
 	function about() {
 		return array(1.0,
-			"Remove embedded iframes",
+			"Remove embedded iframes (unless whitelisted)",
 			"fox");
 	}
 
@@ -16,7 +16,13 @@ class No_Iframes extends Plugin {
 
 	function hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes) {
 
-		$allowed_elements = array_diff($allowed_elements, array("iframe"));
+		$xpath = new DOMXpath($doc);
+		$entries = $xpath->query('//iframe');
+
+		foreach ($entries as $entry) {
+			if (!iframe_whitelisted($entry))
+				$entry->parentNode->removeChild($entry);
+		}
 
 		return array($doc, $allowed_elements, $disallowed_attributes);
 	}