From e8a0d290c0622d8f1d008e92c4bc56fd701a8b68 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 25 Nov 2014 18:40:19 +0300 Subject: [PATCH] no_iframes: remove everything except good iframes --- plugins/no_iframes/init.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/plugins/no_iframes/init.php b/plugins/no_iframes/init.php index c66d7abaf..35f7187f5 100644 --- a/plugins/no_iframes/init.php +++ b/plugins/no_iframes/init.php @@ -4,7 +4,7 @@ class No_Iframes extends Plugin { function about() { return array(1.0, - "Remove embedded iframes", + "Remove embedded iframes (unless whitelisted)", "fox"); } @@ -16,7 +16,13 @@ class No_Iframes extends Plugin { function hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes) { - $allowed_elements = array_diff($allowed_elements, array("iframe")); + $xpath = new DOMXpath($doc); + $entries = $xpath->query('//iframe'); + + foreach ($entries as $entry) { + if (!iframe_whitelisted($entry)) + $entry->parentNode->removeChild($entry); + } return array($doc, $allowed_elements, $disallowed_attributes); }