
Fix XSS hole in YouTube remarkup rule

Summary:
The source wasn't properly escaped.

Test Plan:
Made a comment like "http://youtube.com/?v="></iframe><h1>!!!</h1>"

Reviewed By: mroch
Reviewers: tomo, mroch, tuomaspelkonen, aran, jungejason
CC: aran, mroch
Differential Revision: 516
epriestley 2011-06-24 10:43:57 -07:00
parent fe04d8bf70
commit 4bfbd209b2
2 changed files with 13 additions and 6 deletions


@ -38,12 +38,18 @@ class PhabricatorRemarkupRuleYoutube
if ($v) { if ($v) {
$youtube_src = 'https://www.youtube.com/embed/'.$v; $youtube_src = 'https://www.youtube.com/embed/'.$v;
$iframe = $iframe =
'<div class="embedded-youtube-video"> '<div class="embedded-youtube-video">'.
<iframe width="650" height="400" '. phutil_render_tag(
'style="margin: 1em auto; border: 0px" '. 'iframe',
'src="'.$youtube_src.'" '. array(
'frameborder="0"></iframe> 'width' => '650',
</div>'; 'height' => '400',
'style' => 'margin: 1em auto; border: 0px;',
'src' => $youtube_src,
'frameborder' => 0,
),
'').
'</div>';
return $this->getEngine()->storeText($iframe); return $this->getEngine()->storeText($iframe);
} else { } else {
return $this->uri; return $this->uri;
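Review bot: The fix relies entirely on attribute escaping in phutil_render_tag, while the value `$v` that is concatenated into `$youtube_src` is still used without any validation of its own; `$v` appears to be taken from the parsed URI outside this hunk, so it can carry arbitrary characters (for example extra query parameters or path segments) into the embed URL even though the markup itself can no longer be broken out of. A YouTube video ID is a short token of letters, digits, `_` and `-`, so an allow-list check before building the URL would make the intent explicit and remove the dependence on the escaping layer as the only guard: `if (!preg_match('/^[A-Za-z0-9_-]+$/', $v)) { return $this->uri; }` placed right after the `if ($v) {` line. A minor style point: `'frameborder' => 0` is the only non-string attribute value in the array, so `'frameborder' => '0'` would match the others. The enclosing method starts before this hunk, and the method's closing lines are outside it as well.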


@ -6,6 +6,7 @@
phutil_require_module('phutil', 'markup');
phutil_require_module('phutil', 'markup/engine/remarkup/markuprule/base'); phutil_require_module('phutil', 'markup/engine/remarkup/markuprule/base');
phutil_require_module('phutil', 'parser/uri'); phutil_require_module('phutil', 'parser/uri');
phutil_require_module('phutil', 'utils'); phutil_require_module('phutil', 'utils');