Use iframe sandbox for rendering HTML in transformation

Signed-off-by: Michal Čihař <michal@cihar.com>
author: Michal Čihař <michal@cihar.com> 2016-07-12 15:11:45 +0300
committer: Michal Čihař <michal@cihar.com> 2016-07-12 15:13:14 +0300
commit: 14fd2758114040d4aa2d49c50f425f1e5a046a7f (patch)
tree: 2bdbcef3fb910fc3e279ba6a0ee2e7510bfe9b15 /libraries
parent: c8297b4718d46f1d78ec7405cdbeb3b3f937001f (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php b/libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php
index e6bb8d9ba9..2774167730 100644
--- a/libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php
+++ b/libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php
@@ -45,7 +45,9 @@ abstract class FormattedTransformationsPlugin extends TransformationsPlugin
      */
     public function applyTransformation($buffer, $options = array(), $meta = '')
     {
-        return $buffer;
+        return '<iframe srcdoc="'
+            . strtr($buffer, '"', '\'')
+            . '" sandbox=""></iframe>';
     }
 
     /**
@@ -77,4 +79,4 @@ abstract class FormattedTransformationsPlugin extends TransformationsPlugin
         return "Formatted";
     }
 }
-?>
-\ No newline at end of file
+?>
author	Michal Čihař <michal@cihar.com>	2016-07-12 15:11:45 +0300
committer	Michal Čihař <michal@cihar.com>	2016-07-12 15:13:14 +0300
commit	14fd2758114040d4aa2d49c50f425f1e5a046a7f (patch)
tree	2bdbcef3fb910fc3e279ba6a0ee2e7510bfe9b15 /libraries
parent	c8297b4718d46f1d78ec7405cdbeb3b3f937001f (diff)