Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitizing/Removing Iframe attributes properly #126

Closed
pankajpatel opened this issue Jun 25, 2019 · 4 comments · Fixed by #173
Closed

Sanitizing/Removing Iframe attributes properly #126

pankajpatel opened this issue Jun 25, 2019 · 4 comments · Fixed by #173

Comments

@pankajpatel
Copy link

This issue is coming form TryGhost/Ghost/issues/10796

As we can see from here: https://github.com/ampproject/amphtml/blob/master/extensions/amp-iframe/validator-amp-iframe.protoascii

The iframe attribute needs proper sanitization as some attributes accept no value but their presence and some attrs allow values from [0, 1]

  • scrolling: value as 0 or 1
  • frameborder: value as 0 or 1
  • allowtransparency: presence and no value
  • allowfullscreen: presence and no value
@kevinansfield kevinansfield mentioned this issue Jun 26, 2019
Closed
@ghost
Copy link

ghost commented Jan 14, 2020

Hello! Do you have any news on this?
I'm experiencing the issue with Spotify widget on a blog post:

Snap4

Amp version: https://rolhdz.net/detras-de-las-canciones-erika-ender/amp/

jbhannah added a commit that referenced this issue Feb 26, 2020
@jbhannah
Correctly sanitize certain iframe attributes
1ecbf85 
Fixes #126.
@jbhannah jbhannah mentioned this issue Feb 26, 2020
Merged
jbhannah added a commit that referenced this issue Feb 26, 2020
@jbhannah
fix(amp-iframe): correctly sanitize certain iframe attributes
6eead72 
Fix sanitization of the allowfullscreen, allowtransparency, frameborder, and scrolling properties on
iframe elements

Fixes #126
jbhannah added a commit that referenced this issue Feb 26, 2020
@jbhannah
fix(amp-iframe): correctly sanitize certain iframe attributes (#173)
b01a15d 
Fix sanitization of the allowfullscreen, allowtransparency, frameborder, and scrolling properties on
iframe elements

Fixes #126
@jbhannah
Copy link
Owner

@pankajpatel @rolxhdz I've just pushed version 0.6.1, try updating and see if that fixes your issues.

@cobbweb
Copy link

cobbweb commented Mar 4, 2020
edited
Loading

The scrolling attribute needs to be yes|no|auto, using 0|1 fails AMP validation.

As per: https://github.com/ampproject/amphtml/blob/master/extensions/amp-iframe/validator-amp-iframe.protoascii#L57

@jayneil
Copy link

jayneil commented Jun 12, 2021

@jbhannah - I'm still facing the same issue as seen in the attached screenshot. How do I fix it? I'm running Ghost 3.37.1

Spotify Embed issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Correctly sanitize certain iframe attributes jbhannah/amperize
4 participants
@cobbweb @jbhannah @pankajpatel @jayneil