sanitize: forbid "allow" attribute

CSS: remove auto hyphens stuff, remove iframe width clipping to 98% because they get squished
2020-05-09 12:49:19 +03:00 · 2020-05-09 12:49:19 +03:00 · 2b55afbeec
parent a802649d53
commit 2b55afbeec
14 changed files with 6 additions and 143 deletions
--- a/include/functions.php
+++ b/include/functions.php
@ -1357,7 +1357,7 @@

 		if ($_SESSION['hasSandbox']) $allowed_elements[] = 'iframe';

-		$disallowed_attributes = array('id', 'style', 'class', 'width', 'height');
+		$disallowed_attributes = array('id', 'style', 'class', 'width', 'height', 'allow');

 		foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SANITIZE) as $plugin) {
 			$retval = $plugin->hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes, $article_id);
--- a/themes/compact.css
+++ b/themes/compact.css
@ -70,13 +70,6 @@ body.ttrss_main div.post div.content video {
  max-width: 98%;
  height: auto;
 }
-body.ttrss_main div.post div.content p {
-  hyphens: auto;
-}
-body.ttrss_main div.post div.content iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 body.ttrss_main .inline-player {
  display: flex;
  align-items: center;
@ -1283,16 +1276,6 @@ div.cdm.vgrlf .feed {
  font-style: italic;
  font-size: 11px;
 }
-.cdm div.content-inner p {
-  /*max-width : 650px;*/
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
-.cdm div.content-inner iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 .cdm div.header span.author {
  white-space: nowrap;
  color: #555;
@ -1922,11 +1905,6 @@ body.ttrss_zoom div.post div.header .row {
  align-items: center;
  justify-content: space-between;
 }
-body.ttrss_zoom div.post p {
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
 body.ttrss_zoom div.post div.content {
  font-size: 15px;
  line-height: 1.5;
--- a/themes/compact.css.map
+++ b/themes/compact.css.map
--- a/themes/compact_night.css
+++ b/themes/compact_night.css
@ -70,13 +70,6 @@ body.ttrss_main div.post div.content video {
  max-width: 98%;
  height: auto;
 }
-body.ttrss_main div.post div.content p {
-  hyphens: auto;
-}
-body.ttrss_main div.post div.content iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 body.ttrss_main .inline-player {
  display: flex;
  align-items: center;
@ -1283,16 +1276,6 @@ div.cdm.vgrlf .feed {
  font-style: italic;
  font-size: 11px;
 }
-.cdm div.content-inner p {
-  /*max-width : 650px;*/
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
-.cdm div.content-inner iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 .cdm div.header span.author {
  white-space: nowrap;
  color: #ccc;
@ -1913,11 +1896,6 @@ body.ttrss_zoom div.post div.header .row {
  align-items: center;
  justify-content: space-between;
 }
-body.ttrss_zoom div.post p {
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
 body.ttrss_zoom div.post div.content {
  font-size: 15px;
  line-height: 1.5;
--- a/themes/compact_night.css.map
+++ b/themes/compact_night.css.map
--- a/themes/light.css
+++ b/themes/light.css
@ -70,13 +70,6 @@ body.ttrss_main div.post div.content video {
  max-width: 98%;
  height: auto;
 }
-body.ttrss_main div.post div.content p {
-  hyphens: auto;
-}
-body.ttrss_main div.post div.content iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 body.ttrss_main .inline-player {
  display: flex;
  align-items: center;
@ -1283,16 +1276,6 @@ div.cdm.vgrlf .feed {
  font-style: italic;
  font-size: 11px;
 }
-.cdm div.content-inner p {
-  /*max-width : 650px;*/
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
-.cdm div.content-inner iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 .cdm div.header span.author {
  white-space: nowrap;
  color: #555;
@ -1922,11 +1905,6 @@ body.ttrss_zoom div.post div.header .row {
  align-items: center;
  justify-content: space-between;
 }
-body.ttrss_zoom div.post p {
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
 body.ttrss_zoom div.post div.content {
  font-size: 15px;
  line-height: 1.5;
--- a/themes/light.css.map
+++ b/themes/light.css.map
--- a/themes/light/cdm.less
+++ b/themes/light/cdm.less
@ -185,18 +185,6 @@ div.cdm.vgrlf .feed {
 		font-size: 11px;
 	}

-	div.content-inner p {
-		/*max-width : 650px;*/
-		-webkit-hyphens: auto;
-		-moz-hyphens: auto;
-		hyphens: auto;
-	}
-
-	div.content-inner iframe {
-		min-width : 50%;
-		max-width : 98%;
-	}
-
 	div.header span.author {
 		white-space : nowrap;
 		color : @default-text;
--- a/themes/light/tt-rss.less
+++ b/themes/light/tt-rss.less
@ -65,15 +65,6 @@ body.ttrss_main {
 				max-width : 98%;
 				height: auto;
 			}
-
-			p {
-				hyphens: auto;
-			}
-
-			iframe {
-				min-width : 50%;
-				max-width : 98%;
-			}
 		}
 	}

--- a/themes/light/zoom.less
+++ b/themes/light/zoom.less
@ -28,12 +28,6 @@ body.ttrss_zoom {
 			}
 		}

-		p {
-			-webkit-hyphens: auto;
-			-moz-hyphens: auto;
-			hyphens: auto;
-		}
-
 		div.content {
 			font-size : 15px;
 			line-height : 1.5;
--- a/themes/night.css
+++ b/themes/night.css
@ -71,13 +71,6 @@ body.ttrss_main div.post div.content video {
  max-width: 98%;
  height: auto;
 }
-body.ttrss_main div.post div.content p {
-  hyphens: auto;
-}
-body.ttrss_main div.post div.content iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 body.ttrss_main .inline-player {
  display: flex;
  align-items: center;
@ -1284,16 +1277,6 @@ div.cdm.vgrlf .feed {
  font-style: italic;
  font-size: 11px;
 }
-.cdm div.content-inner p {
-  /*max-width : 650px;*/
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
-.cdm div.content-inner iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 .cdm div.header span.author {
  white-space: nowrap;
  color: #ccc;
@ -1914,11 +1897,6 @@ body.ttrss_zoom div.post div.header .row {
  align-items: center;
  justify-content: space-between;
 }
-body.ttrss_zoom div.post p {
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
 body.ttrss_zoom div.post div.content {
  font-size: 15px;
  line-height: 1.5;
--- a/themes/night.css.map
+++ b/themes/night.css.map
--- a/themes/night_blue.css
+++ b/themes/night_blue.css
@ -71,13 +71,6 @@ body.ttrss_main div.post div.content video {
  max-width: 98%;
  height: auto;
 }
-body.ttrss_main div.post div.content p {
-  hyphens: auto;
-}
-body.ttrss_main div.post div.content iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 body.ttrss_main .inline-player {
  display: flex;
  align-items: center;
@ -1284,16 +1277,6 @@ div.cdm.vgrlf .feed {
  font-style: italic;
  font-size: 11px;
 }
-.cdm div.content-inner p {
-  /*max-width : 650px;*/
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
-.cdm div.content-inner iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 .cdm div.header span.author {
  white-space: nowrap;
  color: #ccc;
@ -1914,11 +1897,6 @@ body.ttrss_zoom div.post div.header .row {
  align-items: center;
  justify-content: space-between;
 }
-body.ttrss_zoom div.post p {
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
 body.ttrss_zoom div.post div.content {
  font-size: 15px;
  line-height: 1.5;
--- a/themes/night_blue.css.map
+++ b/themes/night_blue.css.map