iframe support?
ryanj opened this issue · 2 comments
Need to consider the security implications for iframes.
Best use-cases:
- videos in presentations
- hacking
Consider allowing a configuration flag that enables site admins to easily include iframes in the HTML element whitelist.
The same configuration flag could potentially allow <canvas> elements to be added to the whitelist; see #71 and #10.
While these elements have been known to have security implications, it'd be interesting to add this flag configuration option in combination with the export to gh-pages feature mentioned in #68 (find new hosting).
If the export to gh-pages function:
- accepted optional flags for allowing iframes + canvas elements (maybe this is the only function which accepts those flags)
- requested all of a user's gists
- somehow identifies any gists which are not reveal.js presentations and ignores them (looks for the section element groupings in html? does include 'reveal' in reveal-gist.html filename and then removes it/sanitizes it? any other ideas?)
- builds a static html site of all the user's gist slides with the default theme (or flag) and pushes it to a gh-pages branch
- adds a sidebar menu to html which can toggle display/hide and displays scrollable list of links to all the user's presentations by gist.name
This would be a nice way to include the troublesome elements like canvas + iframe since gh-pages static hosting would reduce the security exposure/naughty opportunities (is that accurate?).
Sure, it might not solve the rate-limiting issue with gh-pages, but it would allow a user to build a static site archive of all his (public) slides to share, kind of cool!
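An added example, not part of the issue thread and not the project's own code: one way the opt-in flag discussed above could feed an element allow-list, with iframes restricted to HTTPS sources on admin-approved hosts and a policy-set `sandbox` attribute. The flag names (`allowIframes`, `allowCanvas`, `iframeHosts`), the base tag list and the host `video.example` are assumptions made for illustration.

```javascript
// Added example; flag names, tag list and hosts are assumptions, not the project's code.
const BASE_TAGS = ['section', 'h1', 'h2', 'p', 'ul', 'li', 'a', 'img', 'pre', 'code'];

// Build the sanitizer policy from two opt-in admin flags (both default to off).
function buildPolicy({ allowIframes = false, allowCanvas = false, iframeHosts = [] } = {}) {
  const tags = new Set(BASE_TAGS);
  if (allowIframes) tags.add('iframe');
  if (allowCanvas) tags.add('canvas');
  return { tags, iframeHosts: new Set(iframeHosts.map((h) => h.toLowerCase())) };
}

// Given the attributes of one parsed <iframe>, return the attributes that may be
// emitted, or null when the element must be dropped.
function filterIframe(policy, attrs) {
  if (!policy.tags.has('iframe')) return null;        // flag is off
  let url;
  try {
    url = new URL(attrs.src || '');                   // throws on missing or relative src
  } catch (err) {
    return null;
  }
  if (url.protocol !== 'https:') return null;         // rejects javascript:, data:, http:
  if (!policy.iframeHosts.has(url.hostname)) return null;
  // Only known-safe attributes are rebuilt; srcdoc, on* handlers and any
  // author-supplied sandbox value are never copied through.
  const out = { src: url.href, sandbox: 'allow-scripts allow-same-origin' };
  for (const name of ['width', 'height']) {
    if (/^\d{1,4}$/.test(String(attrs[name]))) out[name] = String(attrs[name]);
  }
  return out;
}

// Constructed sample input: attribute maps as an HTML parser would hand them over.
const policy = buildPolicy({ allowIframes: true, iframeHosts: ['video.example'] });
const samples = [
  { src: 'https://video.example/embed/42', width: '640', onload: 'x()', srcdoc: '<b>hi</b>' },
  { src: 'http://video.example/embed/42' },            // not HTTPS
  { src: 'https://video.example.other.example/e/1' },  // look-alike host
  { src: 'https://video.example@other.example/e/1' },  // userinfo trick, real host differs
  { src: 'javascript:void(0)' },                       // non-network scheme
  { src: '/local/page.html' },                         // relative URL
];

function runSamples() {
  return samples.map((attrs) => filterIframe(policy, attrs));
}

console.log(runSamples());
```

The `sandbox` value keeps `allow-same-origin` only because the allow-listed hosts are on a different origin from the slides; a frame served from the presentation's own origin with both tokens could remove its own sandbox.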