Problem/Motivation

It seems that adding captions for remote videos doesn't filter the caption as the formatter for images does (with an Xss::filter).

Steps to reproduce

Add a caption to a video with something susceptible to having HTML in it, like a token; the caption will have HTML tags in it.

Proposed resolution

Add an Xss::filter to the caption.

MR incoming
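What the proposed resolution does to a caption, as an added example that is not part of the original issue or the module's code. It assumes the standalone drupal/core-utility Composer package is installed; the helper name example_filter_caption() and the sample captions are constructed for illustration.

```php
<?php
// Added example, not the module's code. Assumes
// `composer require drupal/core-utility` was run in this directory;
// inside a Drupal site the class is already autoloaded.
require __DIR__ . '/vendor/autoload.php';

use Drupal\Component\Utility\Xss;

/**
 * Hypothetical helper: returns a caption that is safe to output as HTML.
 *
 * Xss::filter() with its default allow-list keeps a small set of inline
 * and list tags (such as <a>, <em>, <strong>), removes every other tag,
 * drops event-handler attributes and neutralises dangerous URL schemes.
 */
function example_filter_caption(string $caption): string {
  return Xss::filter($caption);
}

// Constructed captions, as they might look after token replacement.
$captions = [
  'Trailer for <em>Episode 1</em>',
  'Intro <script>alert(1)</script>',
  '<img src="x" onerror="alert(1)"> Cover',
  '<a href="javascript:alert(1)">More</a>',
];

foreach ($captions as $raw) {
  // Print the unfiltered value next to the filtered one for comparison.
  printf("raw:      %s\nfiltered: %s\n\n", $raw, example_filter_caption($raw));
}
```

Running the script prints each caption before and after filtering, so the effect on markup that must survive (emphasis, links) can be checked alongside the markup that must not.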

Comments

pcambra created an issue. See original summary.

pcambra’s picture

Status: Active » Needs review

  • pcambra committed 879de33d on 1.0.x
    Issue #3491410: Filter caption for videos

levmyshkin’s picture

Hi pcambra, thank you for your MR! It looks like a big vulnerability; I will release a new tag for glightbox_media_video.

I copied code from this Colorbox Media Video module, and it looks like there is also the same problem; I will raise a ticket for them.
https://www.drupal.org/project/colorbox_media_video

levmyshkin’s picture

Status: Needs review » Fixed
levmyshkin’s picture

Status: Fixed » Closed (fixed)