Commit 1528876c authored by Ryan Lee's avatar Ryan Lee

protect correctly agains xss, set description properly

parent 8a253687
......@@ -11,7 +11,7 @@ module OpenProject::VideoWikiMacro
:requires_openproject => '>= 3.0.0' do
Redmine::WikiFormatting::Macros.register do
desc = "OpenProject video macro. Use as {{video(<url>[,<width>,<height>])}}."
desc "OpenProject video macro. Use as {{video(<url>[,<width>,<height>])}}."
macro :video do |video_wiki_content, args|
url = ""
w = 600
......@@ -22,9 +22,16 @@ module OpenProject::VideoWikiMacro
w = args[1]
h = args[2]
end
"<iframe type=\"text/html\" width=\"#{w}\" height=\"#{h}\" src=\"#{url}\" frameborder=\"0\"></iframe>".html_safe
html = "<iframe type=\"text/html\" width=\"".html_safe
html << w
html << "\" height=\"".html_safe
html << h
html << "\" src=\"".html_safe
html << url
html << "\" frameborder=\"0\"></iframe>".html_safe
html
else
"<code>Video macro error, check your syntax!</code>"
"<pre>Video macro error, check your syntax!</pre>".html_safe
end
end
end
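Review bot: The `html << url` append escapes HTML metacharacters but does nothing to constrain the URL scheme, so the iframe `src` can still be given a non-http(s) scheme such as `javascript:` or `data:`. An allow-list check like `url =~ %r{\Ahttps?://}i` belongs in the condition guarding this branch, which lies outside the hunk, with anything else falling through to the error message. Separately, `w` starts out as the Integer `600` in the first hunk, and on a SafeBuffer `<<` most likely hands an Integer straight to `String#<<`, which appends it as a codepoint rather than as digits. Using `html << w.to_s` and `html << h.to_s` would avoid that, and validating the user-supplied width and height with `Integer(...)` would also keep non-numeric values out of those attributes.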
......