[SAK-43593] AntiSamy add iframe "allow" attribute - Sakai

XML

Word

Printable

Type: Bug
Status: RESOLVED
Priority: Major
Resolution: Fixed
Affects Version/s: 12.8 [Tentative], 19.5 [Tentative], 20.0, 21.0 [Tentative]
Fix Version/s: 21.0 [Tentative]
Component/s: Kernel
Labels:
None

Test Plan:
Hide

Go to Assignments and add a new assignment

in RTE (CKEditor) click source and add the following content:
<iframe allow="autoplay *; camera *; fullscreen *; encrypted-media *; microphone *"></iframe>

Click post and you should not receive a waning that your html has been stripped
Show
Go to Assignments and add a new assignment in RTE (CKEditor) click source and add the following content: <iframe allow="autoplay *; camera *; fullscreen *; encrypted-media *; microphone *"></iframe> Click post and you should not receive a waning that your html has been stripped

AntiSamy configuration should be updated to now allow the attribute "allow" in the iframe tag.

This is consistent with ~~SAK-39359~~ which allowed allowfullscreen and others for iframes.

I choose the regxp anything since there is text and urls mixed and it became to complex.

relates to

SAK-39359 AntiSamy should allow IFrames for popular sites

SAK-42226 LTI Content Item request expects to be placed in an iframe upon request

SAK-40030 Allow Placement advice iframe in Content Item return for Rich Text Editor