From: Alexander Ebert
Date: Wed, 5 Oct 2016 10:56:32 +0000 (+0200)
Subject: Strip iframes from source
X-Git-Tag: 3.0.0_Beta_3~50^2~89
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3a13509ff8fca3d8df2c020f2e71c0e9f736d835;p=GitHub%2FWoltLab%2FWCF.git
Strip iframes from source
---
diff --git a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js
index 63a367fe17..2b8fc71d20 100644
--- a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js
+++ b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js
@@ -19,6 +19,14 @@ $.Redactor.prototype.WoltLabClean = function() {
 // restore ampersands
 html = html.replace(/@@@WCF_AMPERSAND@@@/g, '&');
+ // remove iframes smuggled into the HTML by the user
+ // they're removed on the server anyway, but keeping
+ // them in the wysiwyg may lead to false impressions
+ var div = elCreate('div');
+ div.innerHTML = html;
+ elBySelAll('iframe', div, elRemove);
+ html = div.innerHTML;
+ return html;
 }).bind(this);
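Review bot: The added `div.innerHTML = html;` parses the whole editor source in an element owned by the live document (assuming `elCreate` wraps `document.createElement`), so every other element in `html` is instantiated before the iframes are removed. Resource loads and inline event handlers on those elements can run even though `div` is never attached. Parsing in an inert document avoids that with a one-line change: `var div = document.implementation.createHTMLDocument('').body;`, leaving the `elBySelAll('iframe', div, elRemove)` and `html = div.innerHTML` lines as they are. The new comment could also state outright that this pass is cosmetic and the server-side filter remains the actual control, so nobody later relies on it for sanitising. The enclosing function starts and ends outside the hunk, so how `html` reaches this point is not visible here.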