detect whether browser supports iframe.sandbox and allow iframes accordingly; allow object and embed elements

This commit is contained in:
Andrew Dolgov 2013-03-19 12:49:55 +04:00
parent 55783ca45c
commit 4f7d69e185
3 changed files with 7 additions and 2 deletions

View File

@ -285,6 +285,7 @@ class RPC extends Handler_Protected {
function sanityCheck() { function sanityCheck() {
$_SESSION["hasAudio"] = $_REQUEST["hasAudio"] === "true"; $_SESSION["hasAudio"] = $_REQUEST["hasAudio"] === "true";
$_SESSION["hasSandbox"] = $_REQUEST["hasSandbox"] === "true";
$reply = array(); $reply = array();

View File

@ -2626,7 +2626,9 @@
$allowed_elements = array('p', 'br', 'div', 'table', 'tr', 'td', 'th', $allowed_elements = array('p', 'br', 'div', 'table', 'tr', 'td', 'th',
'ul', 'ol', 'li', 'blockquote', 'span', 'html', 'body', 'a', 'img', 'ul', 'ol', 'li', 'blockquote', 'span', 'html', 'body', 'a', 'img',
'iframe', 'video', 'audio', 'source'); 'video', 'audio', 'source', 'object', 'embed');
if ($_SESSION['hasSandbox']) array_push($allowed_elements, 'iframe');
$disallowed_attributes = array('id', 'style', 'class'); $disallowed_attributes = array('id', 'style', 'class');

View File

@ -244,9 +244,11 @@ function init() {
loading_set_progress(20); loading_set_progress(20);
var hasAudio = !!((myAudioTag = document.createElement('audio')).canPlayType); var hasAudio = !!((myAudioTag = document.createElement('audio')).canPlayType);
var hasSandbox = "sandbox" in document.createElement("iframe");
new Ajax.Request("backend.php", { new Ajax.Request("backend.php", {
parameters: {op: "rpc", method: "sanityCheck", hasAudio: hasAudio}, parameters: {op: "rpc", method: "sanityCheck", hasAudio: hasAudio,
hasSandbox: hasSandbox},
onComplete: function(transport) { onComplete: function(transport) {
backend_sanity_check_callback(transport); backend_sanity_check_callback(transport);
} }); } });