use iframe for oembed - untrusted content
This commit is contained in:
parent
790c4a4e1a
commit
1a7badb405
2 changed files with 23 additions and 3 deletions
|
@ -19,8 +19,7 @@ function tryoembed($match){
|
||||||
if ($o->type=="error") return $match[0];
|
if ($o->type=="error") return $match[0];
|
||||||
|
|
||||||
$html = oembed_format_object($o);
|
$html = oembed_format_object($o);
|
||||||
|
return oembed_iframe($html,$o->width,$o->height);
|
||||||
return $html;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
<?php
|
<?php
|
||||||
function oembed_replacecb($matches){
|
function oembed_replacecb($matches){
|
||||||
|
logger('oembedcb');
|
||||||
$embedurl=$matches[1];
|
$embedurl=$matches[1];
|
||||||
$j = oembed_fetch_url($embedurl);
|
$j = oembed_fetch_url($embedurl);
|
||||||
return oembed_format_object($j);
|
$s = oembed_format_object($j);
|
||||||
|
return oembed_iframe($s,$j->width,$j->height);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -102,6 +106,23 @@ function oembed_format_object($j){
|
||||||
return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret));
|
return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function oembed_iframe($src,$width,$height) {
|
||||||
|
|
||||||
|
if(! $width || strstr($width,'%'))
|
||||||
|
$width = '640';
|
||||||
|
if(! $height || strstr($height,'%'))
|
||||||
|
$height = '300';
|
||||||
|
// try and leave some room for the description line.
|
||||||
|
$height = intval($height) + 80;
|
||||||
|
$width = intval($width) + 40;
|
||||||
|
|
||||||
|
$s = 'data:text/html;base64,' . base64_encode('<html><body>' . $src . '</body></html>');
|
||||||
|
return '<iframe height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>';
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
function oembed_bbcode2html($text){
|
function oembed_bbcode2html($text){
|
||||||
$stopoembed = get_config("system","no_oembed");
|
$stopoembed = get_config("system","no_oembed");
|
||||||
if ($stopoembed == true){
|
if ($stopoembed == true){
|
||||||
|
|
Loading…
Reference in a new issue