From 1f34a8deb1608e3c804a66caafc1486ac49fb27b Mon Sep 17 00:00:00 2001
From: jmontoyaa <gugli100@gmail.com>
Date: Fri, 8 Sep 2017 11:55:03 +0200
Subject: [PATCH] Allow video source tag work with htmlpurifier #2133

---
 main/inc/lib/formvalidator/Rule/allowed_tags.inc.php | 3 +++
 main/inc/lib/security.lib.php                        | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/main/inc/lib/formvalidator/Rule/allowed_tags.inc.php b/main/inc/lib/formvalidator/Rule/allowed_tags.inc.php
index 41959e65f56..2c5ff4d7f40 100755
--- a/main/inc/lib/formvalidator/Rule/allowed_tags.inc.php
+++ b/main/inc/lib/formvalidator/Rule/allowed_tags.inc.php
@@ -316,6 +316,9 @@
 $allowed_tags_student['video']['controls'] = array();
 $allowed_tags_student['video']['id'] = array();
 
+$allowed_tags_student['source'] = array();
+$allowed_tags_student['source']['type'] = array();
+$allowed_tags_student['source']['src'] = array();
 
 // font
 $allowed_tags_student['font'] = array();
diff --git a/main/inc/lib/security.lib.php b/main/inc/lib/security.lib.php
index dd3e33605d3..64e22c8d859 100755
--- a/main/inc/lib/security.lib.php
+++ b/main/inc/lib/security.lib.php
@@ -380,6 +380,13 @@ public static function remove_XSS($var, $user_status = null, $filter_terms = fal
                         'controls' => 'Bool',
                     )
                 );
+                $def->addElement(
+                    'source',
+                    'Block',
+                    'Flow',
+                    'Common',
+                    array('src' => 'URI', 'type' => 'Text',)
+                );
             }
 
             $purifier[$user_status] = new HTMLPurifier($config);