From 34f4326dc53efd5ce1e1b964d6a7e29a92631343 Mon Sep 17 00:00:00 2001 From: Victor Costa Date: Wed, 29 Oct 2014 18:52:19 -0300 Subject: [PATCH] Allow trusted url without protocol for iframe in tinymce --- lib/white_list_filter.rb | 2 +- test/unit/white_list_filter_test.rb | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/white_list_filter.rb b/lib/white_list_filter.rb index 5c2d29f..8218ba1 100644 --- a/lib/white_list_filter.rb +++ b/lib/white_list_filter.rb @@ -9,7 +9,7 @@ module WhiteListFilter unless iframe =~ /src=['"].*src=['"]/ trusted_sites.each do |trusted_site| re_dom = trusted_site.gsub('.', '\.') - if iframe =~ /src=["']https?:\/\/(www\.)?#{re_dom}\// + if iframe =~ /src=["'](https?:)?\/\/(www\.)?#{re_dom}\// result = iframe end end diff --git a/test/unit/white_list_filter_test.rb b/test/unit/white_list_filter_test.rb index 8b7e0d9..27d6d29 100644 --- a/test/unit/white_list_filter_test.rb +++ b/test/unit/white_list_filter_test.rb @@ -40,6 +40,15 @@ class WhiteListFilterTest < ActiveSupport::TestCase assert_equal "", check_iframe_on_content(content, environment.trusted_sites_for_iframe) end + should 'allow iframe if it is from a trusted site and protocol was not specified' do + env = Environment.default + env.trusted_sites_for_iframe = ['avideosite.com'] + env.save + assert_includes Environment.default.trusted_sites_for_iframe, 'avideosite.com' + content = "" + assert_equal "", check_iframe_on_content(content, environment.trusted_sites_for_iframe) + end + should 'remove only the iframe from untrusted site' do content = "" assert_equal "", check_iframe_on_content(content, environment.trusted_sites_for_iframe) -- libgit2 0.21.2