sanitize: forbid "allow" attribute

CSS: remove auto hyphens stuff, remove iframe width clipping to 98% because they get squished
master
Andrew Dolgov 5 years ago
parent a802649d53
commit 2b55afbeec

@ -1357,7 +1357,7 @@
if ($_SESSION['hasSandbox']) $allowed_elements[] = 'iframe'; if ($_SESSION['hasSandbox']) $allowed_elements[] = 'iframe';
$disallowed_attributes = array('id', 'style', 'class', 'width', 'height'); $disallowed_attributes = array('id', 'style', 'class', 'width', 'height', 'allow');
foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SANITIZE) as $plugin) { foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SANITIZE) as $plugin) {
$retval = $plugin->hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes, $article_id); $retval = $plugin->hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes, $article_id);

@ -70,13 +70,6 @@ body.ttrss_main div.post div.content video {
max-width: 98%; max-width: 98%;
height: auto; height: auto;
} }
body.ttrss_main div.post div.content p {
hyphens: auto;
}
body.ttrss_main div.post div.content iframe {
min-width: 50%;
max-width: 98%;
}
body.ttrss_main .inline-player { body.ttrss_main .inline-player {
display: flex; display: flex;
align-items: center; align-items: center;
@ -1283,16 +1276,6 @@ div.cdm.vgrlf .feed {
font-style: italic; font-style: italic;
font-size: 11px; font-size: 11px;
} }
.cdm div.content-inner p {
/*max-width : 650px;*/
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
.cdm div.content-inner iframe {
min-width: 50%;
max-width: 98%;
}
.cdm div.header span.author { .cdm div.header span.author {
white-space: nowrap; white-space: nowrap;
color: #555; color: #555;
@ -1922,11 +1905,6 @@ body.ttrss_zoom div.post div.header .row {
align-items: center; align-items: center;
justify-content: space-between; justify-content: space-between;
} }
body.ttrss_zoom div.post p {
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
body.ttrss_zoom div.post div.content { body.ttrss_zoom div.post div.content {
font-size: 15px; font-size: 15px;
line-height: 1.5; line-height: 1.5;

File diff suppressed because one or more lines are too long

@ -70,13 +70,6 @@ body.ttrss_main div.post div.content video {
max-width: 98%; max-width: 98%;
height: auto; height: auto;
} }
body.ttrss_main div.post div.content p {
hyphens: auto;
}
body.ttrss_main div.post div.content iframe {
min-width: 50%;
max-width: 98%;
}
body.ttrss_main .inline-player { body.ttrss_main .inline-player {
display: flex; display: flex;
align-items: center; align-items: center;
@ -1283,16 +1276,6 @@ div.cdm.vgrlf .feed {
font-style: italic; font-style: italic;
font-size: 11px; font-size: 11px;
} }
.cdm div.content-inner p {
/*max-width : 650px;*/
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
.cdm div.content-inner iframe {
min-width: 50%;
max-width: 98%;
}
.cdm div.header span.author { .cdm div.header span.author {
white-space: nowrap; white-space: nowrap;
color: #ccc; color: #ccc;
@ -1913,11 +1896,6 @@ body.ttrss_zoom div.post div.header .row {
align-items: center; align-items: center;
justify-content: space-between; justify-content: space-between;
} }
body.ttrss_zoom div.post p {
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
body.ttrss_zoom div.post div.content { body.ttrss_zoom div.post div.content {
font-size: 15px; font-size: 15px;
line-height: 1.5; line-height: 1.5;

File diff suppressed because one or more lines are too long

@ -70,13 +70,6 @@ body.ttrss_main div.post div.content video {
max-width: 98%; max-width: 98%;
height: auto; height: auto;
} }
body.ttrss_main div.post div.content p {
hyphens: auto;
}
body.ttrss_main div.post div.content iframe {
min-width: 50%;
max-width: 98%;
}
body.ttrss_main .inline-player { body.ttrss_main .inline-player {
display: flex; display: flex;
align-items: center; align-items: center;
@ -1283,16 +1276,6 @@ div.cdm.vgrlf .feed {
font-style: italic; font-style: italic;
font-size: 11px; font-size: 11px;
} }
.cdm div.content-inner p {
/*max-width : 650px;*/
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
.cdm div.content-inner iframe {
min-width: 50%;
max-width: 98%;
}
.cdm div.header span.author { .cdm div.header span.author {
white-space: nowrap; white-space: nowrap;
color: #555; color: #555;
@ -1922,11 +1905,6 @@ body.ttrss_zoom div.post div.header .row {
align-items: center; align-items: center;
justify-content: space-between; justify-content: space-between;
} }
body.ttrss_zoom div.post p {
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
body.ttrss_zoom div.post div.content { body.ttrss_zoom div.post div.content {
font-size: 15px; font-size: 15px;
line-height: 1.5; line-height: 1.5;

File diff suppressed because one or more lines are too long

@ -185,18 +185,6 @@ div.cdm.vgrlf .feed {
font-size: 11px; font-size: 11px;
} }
div.content-inner p {
/*max-width : 650px;*/
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
div.content-inner iframe {
min-width : 50%;
max-width : 98%;
}
div.header span.author { div.header span.author {
white-space : nowrap; white-space : nowrap;
color : @default-text; color : @default-text;

@ -65,15 +65,6 @@ body.ttrss_main {
max-width : 98%; max-width : 98%;
height: auto; height: auto;
} }
p {
hyphens: auto;
}
iframe {
min-width : 50%;
max-width : 98%;
}
} }
} }

@ -28,12 +28,6 @@ body.ttrss_zoom {
} }
} }
p {
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
div.content { div.content {
font-size : 15px; font-size : 15px;
line-height : 1.5; line-height : 1.5;

@ -71,13 +71,6 @@ body.ttrss_main div.post div.content video {
max-width: 98%; max-width: 98%;
height: auto; height: auto;
} }
body.ttrss_main div.post div.content p {
hyphens: auto;
}
body.ttrss_main div.post div.content iframe {
min-width: 50%;
max-width: 98%;
}
body.ttrss_main .inline-player { body.ttrss_main .inline-player {
display: flex; display: flex;
align-items: center; align-items: center;
@ -1284,16 +1277,6 @@ div.cdm.vgrlf .feed {
font-style: italic; font-style: italic;
font-size: 11px; font-size: 11px;
} }
.cdm div.content-inner p {
/*max-width : 650px;*/
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
.cdm div.content-inner iframe {
min-width: 50%;
max-width: 98%;
}
.cdm div.header span.author { .cdm div.header span.author {
white-space: nowrap; white-space: nowrap;
color: #ccc; color: #ccc;
@ -1914,11 +1897,6 @@ body.ttrss_zoom div.post div.header .row {
align-items: center; align-items: center;
justify-content: space-between; justify-content: space-between;
} }
body.ttrss_zoom div.post p {
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
body.ttrss_zoom div.post div.content { body.ttrss_zoom div.post div.content {
font-size: 15px; font-size: 15px;
line-height: 1.5; line-height: 1.5;

File diff suppressed because one or more lines are too long

@ -71,13 +71,6 @@ body.ttrss_main div.post div.content video {
max-width: 98%; max-width: 98%;
height: auto; height: auto;
} }
body.ttrss_main div.post div.content p {
hyphens: auto;
}
body.ttrss_main div.post div.content iframe {
min-width: 50%;
max-width: 98%;
}
body.ttrss_main .inline-player { body.ttrss_main .inline-player {
display: flex; display: flex;
align-items: center; align-items: center;
@ -1284,16 +1277,6 @@ div.cdm.vgrlf .feed {
font-style: italic; font-style: italic;
font-size: 11px; font-size: 11px;
} }
.cdm div.content-inner p {
/*max-width : 650px;*/
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
.cdm div.content-inner iframe {
min-width: 50%;
max-width: 98%;
}
.cdm div.header span.author { .cdm div.header span.author {
white-space: nowrap; white-space: nowrap;
color: #ccc; color: #ccc;
@ -1914,11 +1897,6 @@ body.ttrss_zoom div.post div.header .row {
align-items: center; align-items: center;
justify-content: space-between; justify-content: space-between;
} }
body.ttrss_zoom div.post p {
-webkit-hyphens: auto;
-moz-hyphens: auto;
hyphens: auto;
}
body.ttrss_zoom div.post div.content { body.ttrss_zoom div.post div.content {
font-size: 15px; font-size: 15px;
line-height: 1.5; line-height: 1.5;

File diff suppressed because one or more lines are too long
Loading…
Cancel
Save