mastodon wraps oembed in an iframe - which we immediately purify our of existence and what we really want to purify is the content. So strip away the iframe, fetch the content and purify that instead.
This commit is contained in:
zotlabs
parent
ab9b82e778
commit
318643cf9a
@ -225,6 +225,17 @@ function oembed_fetch_url($embedurl){
|
||||
if($j['html']) {
|
||||
$orig = $j['html'];
|
||||
$allow_position = (($is_matrix) ? true : false);
|
||||
|
||||
// some sites wrap their entire embed in an iframe
|
||||
// which we will purify away and which we provide anyway.
|
||||
// So if we see this, grab the frame src url and use that
|
||||
// as the embed content - which will still need to be purified.
|
||||
|
||||
if(preg_match('#<iframe(.*?)src=[\'\"](.?*)[\'\"]#',$matches,$j['html'])) {
|
||||
$x = z_fetch_url($matches[2]);
|
||||
$j['html'] = $x['body'];
|
||||
}
|
||||
|
||||
$j['html'] = purify_html($j['html'],$allow_position);
|
||||
if($j['html'] != $orig) {
|
||||
logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO);
|
||||
|
||||
Reference in New Issue
Block a user