From 6bfffbcf30ae6383af684218415a6ab1415d406c Mon Sep 17 00:00:00 2001 From: Frode Petterson Date: Tue, 23 Feb 2016 13:10:08 +0100 Subject: [PATCH 1/2] Added woff2 as a safe file type --- h5p.classes.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/h5p.classes.php b/h5p.classes.php index c8662a1..9627610 100644 --- a/h5p.classes.php +++ b/h5p.classes.php @@ -1664,7 +1664,7 @@ class H5PCore { 'js/h5p-utils.js', ); - public static $defaultContentWhitelist = 'json png jpg jpeg gif bmp tif tiff svg eot ttf woff otf webm mp4 ogg mp3 txt pdf rtf doc docx xls xlsx ppt pptx odt ods odp xml csv diff patch swf md textile'; + public static $defaultContentWhitelist = 'json png jpg jpeg gif bmp tif tiff svg eot ttf woff woff2 otf webm mp4 ogg mp3 txt pdf rtf doc docx xls xlsx ppt pptx odt ods odp xml csv diff patch swf md textile'; public static $defaultLibraryWhitelistExtras = 'js css'; public $librariesJsonData, $contentJsonData, $mainJsonData, $h5pF, $path, $development_mode, $h5pD, $disableFileCheck; From 43e9c7adcb277e010914c5fd9dee4c698bfb8d03 Mon Sep 17 00:00:00 2001 From: Frode Petterson Date: Wed, 27 Jan 2016 12:42:55 +0100 Subject: [PATCH 2/2] Avoid navigating inside iframe HFJ-1479 --- js/h5p.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/js/h5p.js b/js/h5p.js index 06f5ccb..d3e8b2c 100644 --- a/js/h5p.js +++ b/js/h5p.js @@ -375,7 +375,8 @@ H5P.getHeadTags = function (contentId) { return tags; }; - return createStyleTags(H5PIntegration.core.styles) + + return '' + + createStyleTags(H5PIntegration.core.styles) + createStyleTags(H5PIntegration.contents['cid-' + contentId].styles) + createScriptTags(H5PIntegration.core.scripts) + createScriptTags(H5PIntegration.contents['cid-' + contentId].scripts) +