Whitelisted iframes don't show up with Sanitizer

Question

Whitelisted iframes don't show up with Sanitizer

GoogleCodeExporter opened this issue 9 years ago · 2 comments

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. Use Pagedown Sanitizer
2. Add 'iframe' to basic_tag_whitelist
3. Still unable to see contents of iframe in generated preview

What is the expected output? What do you see instead?
- an Iframe

What version of the product are you using? On what operating system?
- Latest, W8.1, Chrome latest

Please provide any additional information below.
That's about it - just trying to use the sanitizer with iframes.

Original issue reported on code.google.com by mga2...@gmail.com on 30 Nov 2013 at 2:31

Answer 1 · 2015-08-25T22:02:02.000Z

sample iframe (I think it's because the iframe isn't immediately closed): 

<iframe width="560" height="315" src="//www.youtube.com/embed/xHUQ5C_yMo4" 
frameborder="0" allowfullscreen></iframe>  <p>ss</p>

Original comment by mga2...@gmail.com on 30 Nov 2013 at 2:34

Answer 2 · 2015-08-25T22:02:02.000Z

If you just add "iframe" to the tag whitelist, all you're whitelisting is

    <iframe></iframe>

If you want to be able to have attributes, you have to explicitly allow any 
combination you want (look at how it's done with images for an example).

Like every sanitizer should, this one disallows everything by default.

Original comment by b...@stackoverflow.com on 30 Nov 2013 at 8:39

Changed state: Invalid