oss/miniflux-v2
oss/miniflux-v2
1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-07-17 17:08:36 +00:00
Code Wiki Activity

Remove iframe inner HTML contents

Browse source 
An iframe element never has fallback content, as it will always create a nested
browsing context, regardless of whether the specified initial contents are
successfully used.

https://www.w3.org/TR/2010/WD-html5-20101019/the-iframe-element.html#the-iframe-element
This commit is contained in:
Frédéric Guillot 2021-02-13 13:52:18 -08:00 committed by fguillot
parent 5043749b9f
commit 0413daf76b
2 changed files with 19 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

10
reader/sanitizer/sanitizer_test.go
View file

@ -173,6 +173,16 @@ func TestInvalidIFrame(t *testing.T) {
}
}
func TestIFrameWithChildElements(t *testing.T) {
input := `<iframe src="https://www.youtube.com/"><p>test</p></iframe>`
expected := `<iframe src="https://www.youtube.com/" sandbox="allow-scripts allow-same-origin allow-popups" loading="lazy"></iframe>`
output := Sanitize("http://example.com/", input)
if expected != output {
t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
}
}
func TestInvalidURLScheme(t *testing.T) {
input := `<p>This link is <a src="file:///etc/passwd">not valid</a></p>`
expected := `<p>This link is not valid</p>`