
Fix XSS hole in YouTube remarkup rule

Summary:
The source wasn't properly escaped.

Test Plan:
Made a comment like "http://youtube.com/?v="></iframe><h1>!!!</h1>"

Reviewed By: mroch
Reviewers: tomo, mroch, tuomaspelkonen, aran, jungejason
CC: aran, mroch
Differential Revision: 516
This commit is contained in:
epriestley 2011-06-24 10:43:57 -07:00
parent fe04d8bf70
commit 4bfbd209b2
2 changed files with 13 additions and 6 deletions


@ -38,12 +38,18 @@ class PhabricatorRemarkupRuleYoutube
if ($v) {
$youtube_src = 'https://www.youtube.com/embed/'.$v;
$iframe =
'<div class="embedded-youtube-video">
<iframe width="650" height="400" '.
'style="margin: 1em auto; border: 0px" '.
'src="'.$youtube_src.'" '.
'frameborder="0"></iframe>
</div>';
'<div class="embedded-youtube-video">'.
phutil_render_tag(
'iframe',
array(
'width' => '650',
'height' => '400',
'style' => 'margin: 1em auto; border: 0px;',
'src' => $youtube_src,
'frameborder' => 0,
),
'').
'</div>';
return $this->getEngine()->storeText($iframe);
} else {
return $this->uri;
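Review bot: The attribute escaping done by phutil_render_tag closes the quote break-out, but `$v` (assigned above the hunk) is still concatenated into the embed path unvalidated, so any value the URI parser yields for `v` becomes part of the iframe URL rather than just a video id. Restricting it to the video-id alphabet before `$youtube_src` is built would make the rule fail closed on anything unexpected, e.g. `if ($v && preg_match('/^[a-zA-Z0-9_-]+$/', $v)) {` in place of `if ($v) {`. The surrounding `<div>` wrapper is a constant string, so keeping it as raw markup is fine. The enclosing method starts before the hunk and its else branch continues past it, so the fallback `return $this->uri;` and how that value is escaped are outside this review.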


@ -6,6 +6,7 @@
phutil_require_module('phutil', 'markup');
phutil_require_module('phutil', 'markup/engine/remarkup/markuprule/base');
phutil_require_module('phutil', 'parser/uri');
phutil_require_module('phutil', 'utils');