mirror of
https://github.com/friendica/friendica
synced 2024-12-23 04:00:15 +00:00
use iframe for oembed - untrusted content
This commit is contained in:
parent
790c4a4e1a
commit
1a7badb405
2 changed files with 23 additions and 3 deletions
|
@ -19,8 +19,7 @@ function tryoembed($match){
|
|||
if ($o->type=="error") return $match[0];
|
||||
|
||||
$html = oembed_format_object($o);
|
||||
|
||||
return $html;
|
||||
return oembed_iframe($html,$o->width,$o->height);
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
<?php
|
||||
function oembed_replacecb($matches){
|
||||
logger('oembedcb');
|
||||
$embedurl=$matches[1];
|
||||
$j = oembed_fetch_url($embedurl);
|
||||
return oembed_format_object($j);
|
||||
$s = oembed_format_object($j);
|
||||
return oembed_iframe($s,$j->width,$j->height);
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
@ -102,6 +106,23 @@ function oembed_format_object($j){
|
|||
return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret));
|
||||
}
|
||||
|
||||
function oembed_iframe($src,$width,$height) {
|
||||
|
||||
if(! $width || strstr($width,'%'))
|
||||
$width = '640';
|
||||
if(! $height || strstr($height,'%'))
|
||||
$height = '300';
|
||||
// try and leave some room for the description line.
|
||||
$height = intval($height) + 80;
|
||||
$width = intval($width) + 40;
|
||||
|
||||
$s = 'data:text/html;base64,' . base64_encode('<html><body>' . $src . '</body></html>');
|
||||
return '<iframe height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>';
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
function oembed_bbcode2html($text){
|
||||
$stopoembed = get_config("system","no_oembed");
|
||||
if ($stopoembed == true){
|
||||
|
|
Loading…
Reference in a new issue