
use iframe for oembed - untrusted content

pull/1/head
Friendika 9 years ago
parent
commit
1a7badb405
2 changed files with 23 additions and 3 deletions
  1. +1
    -2
      include/bbcode.php
  2. +22
    -1
      include/oembed.php

+ 1
- 2
include/bbcode.php View File

@ -19,8 +19,7 @@ function tryoembed($match){
if ($o->type=="error") return $match[0];
$html = oembed_format_object($o);
return $html;
return oembed_iframe($html,$o->width,$o->height);
}
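Review bot: The new `return oembed_iframe($html,$o->width,$o->height);` in tryoembed reads `width` and `height` straight off the decoded provider response, and oEmbed only requires those fields for photo, video and rich types, so a `link` response or a non-conforming provider would hit an undefined property here. oembed_iframe does fall back to 640x300 on empty values, so the output stays usable, but guarding the read keeps notices out of the log: `return oembed_iframe($html, isset($o->width) ? $o->width : 0, isset($o->height) ? $o->height : 0);`. The same read of `$j->width`/`$j->height` appears in oembed_replacecb in include/oembed.php. The start of tryoembed is outside the hunk; only the `type=="error"` check is visible, so any earlier validation of `$o` cannot be confirmed from here.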


+ 22
- 1
include/oembed.php View File

@ -1,8 +1,12 @@
<?php
function oembed_replacecb($matches){
logger('oembedcb');
$embedurl=$matches[1];
$j = oembed_fetch_url($embedurl);
return oembed_format_object($j);
$s = oembed_format_object($j);
return oembed_iframe($s,$j->width,$j->height);
}
@ -102,6 +106,23 @@ function oembed_format_object($j){
return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret));
}
function oembed_iframe($src,$width,$height) {
if(! $width || strstr($width,'%'))
$width = '640';
if(! $height || strstr($height,'%'))
$height = '300';
// try and leave some room for the description line.
$height = intval($height) + 80;
$width = intval($width) + 40;
$s = 'data:text/html;base64,' . base64_encode('<html><body>' . $src . '</body></html>');
return '<iframe height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>';
}
function oembed_bbcode2html($text){
$stopoembed = get_config("system","no_oembed");
if ($stopoembed == true){
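Review bot: The iframe built in oembed_iframe carries no `sandbox` attribute, so isolating the untrusted provider HTML depends entirely on how the browser assigns an origin to a `data:` document, and that has not been uniform (Firefox releases before 57 treated a `data:` frame as same-origin with the embedding page). Even where the frame gets an opaque origin, unsandboxed content can still navigate the top-level window and open popups. I would state the restriction in the tag itself, `return '<iframe sandbox="allow-scripts" height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>';`, leaving out `allow-same-origin` and `allow-top-navigation`; some players may need further tokens, which should be added only after testing. A one-line comment above the function, such as `// $src is untrusted provider markup: it must only ever be emitted inside this frame`, would record why the wrapper exists.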

