From fb69a844f1ce20fd6ba4bbbb352004bfc5d881af Mon Sep 17 00:00:00 2001
From: polo <ordipolo@gmx.fr>
Date: Fri, 28 Mar 2025 11:51:49 +0100
Subject: =?UTF-8?q?Security=20autorise=20iframe=20pour=20les=20vid=C3=A9os?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/controller/Security.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/controller/Security.php b/src/controller/Security.php
index ab59d07..818a2bd 100644
--- a/src/controller/Security.php
+++ b/src/controller/Security.php
@@ -1,7 +1,7 @@
 <?php
 // src/controller/Security.php
 //
-// utilise htmlawed contre les faille XSS
+// htmlawed nettoie les entrées de l'utilisateur, en particulier le html de l'éditeur
 
 class Security
 {
@@ -9,7 +9,7 @@ class Security
 	    'safe'=>1, // protection contre les élements et attributs dangereux
 
 	    // liste blanche d'éléments HTML
-	    'elements'=> 'h1, h2, h3, h4, h5, h6, p, s, em, span, strong, a, ul, ol, li, sup, sub, code, blockquote, div, pre, table, caption, colgroup, col, tbody, tr, th, td, figure, img, figcaption',
+	    'elements'=> 'h1, h2, h3, h4, h5, h6, p, s, em, span, strong, a, ul, ol, li, sup, sub, code, blockquote, div, pre, table, caption, colgroup, col, tbody, tr, th, td, figure, img, figcaption, iframe, small',
 
 	    // liste noire d'attributs HTML
 	    'deny_attribute'=> 'id, class' // on garde 'style'
-- 
cgit v1.2.3