
INP-1432 Process only frames from same domain
Closed | Public

Authored by erik on May 5 2015, 4:27 AM.

Details

Test Plan
  1. open Admin Console
  2. go to Configuration -> Website -> Advanced section
  3. set Editing Window Style to Modal Window
  4. go to Website & Content -> Browse Website section
  5. select Content Mode (in top frame)
  6. input iframe tag like <iframe allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/seI3EA7zafw" width="560"></iframe> into some CMS block and press Save button
  7. confirm that modal window closes
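
An illustration of the kind of guard the revision title describes, added here and not taken from the In-Portal diff: a `getFrame` lookup that skips any frame it cannot read, so an embedded cross-origin player like the one in step 6 cannot abort the search. The function bodies, the `isSameOriginFrame` helper and the mock window objects are assumptions; the page does not show the actual change.

```javascript
// Added example; not In-Portal's code. All bodies below are assumptions.

// True when script in this page may read the frame's properties.
// Browsers throw a SecurityError when a cross-origin window's
// `name`, `document` or `location.href` is read.
function isSameOriginFrame(frame) {
  try {
    return typeof frame.location.href === 'string';
  } catch (e) {
    return false;
  }
}

// Depth-first search for a frame by name that never reads
// properties of (or descends into) a cross-origin window.
function getFrame(name, root) {
  for (let i = 0; i < root.frames.length; i++) {
    const frame = root.frames[i];
    if (!isSameOriginFrame(frame)) {
      continue; // e.g. an embedded third-party video player
    }
    if (frame.name === name) {
      return frame;
    }
    const nested = getFrame(name, frame);
    if (nested) {
      return nested;
    }
  }
  return null;
}

// Constructed stand-ins for browser windows so the example runs in Node.
function sameOriginWindow(name, frames = []) {
  return { name, frames, location: { href: 'https://cms.example/' + name } };
}
function crossOriginWindow() {
  const deny = () => { throw new Error('SecurityError: cross-origin access'); };
  return { frames: [], get name() { return deny(); },
           location: { get href() { return deny(); } } };
}

// Admin frameset with a third-party iframe at two levels of the tree.
function demo() {
  const main = sameOriginWindow('main', [crossOriginWindow(), sameOriginWindow('menu')]);
  const top = sameOriginWindow('top', [crossOriginWindow(), main]);
  return { found: getFrame('menu', top), missing: getFrame('nope', top) };
}
```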

Diff Detail

Repository
rINP In-Portal
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

erik updated this revision to Diff 171. May 5 2015, 4:27 AM
erik retitled this revision from to INP-1432 Process only frames from same domain.
erik updated this object.
erik edited the test plan for this revision.
erik added 1 JIRA issue(s): INP-1432.
erik edited the test plan for this revision. May 5 2015, 4:31 AM
erik edited edge metadata.
alex requested changes to this revision. May 5 2015, 4:32 AM
alex edited edge metadata.

Please implement the same protection in the other getFrame function in the script.js file, as mentioned in the task description.

This revision now requires changes to proceed. May 5 2015, 4:32 AM
erik updated this revision to Diff 172. May 5 2015, 4:48 AM
erik edited edge metadata.

Made the same change in script.js.

alex accepted this revision. May 5 2015, 4:49 AM
alex edited edge metadata.
This revision is now accepted and ready to land. May 5 2015, 4:49 AM
This revision was automatically updated to reflect the committed changes.
alex edited edge metadata. Mar 10 2016, 6:12 AM
alex added a project: Restricted Project.