diff options
| author | zotlabs <mike@macgirvin.com> | 2017-09-06 19:55:32 -0700 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2017-09-06 19:55:32 -0700 |
| commit | 318643cf9a8b40fad98df58f6c262d6ae6a0c63b (patch) | |
| tree | 15aad96da710078b437b43c2a88f8072947eeaf0 | |
| parent | ab9b82e77878e1c904d02ab931f8f6f8c0651a21 (diff) | |
| download | volse-hubzilla-318643cf9a8b40fad98df58f6c262d6ae6a0c63b.tar.gz volse-hubzilla-318643cf9a8b40fad98df58f6c262d6ae6a0c63b.tar.bz2 volse-hubzilla-318643cf9a8b40fad98df58f6c262d6ae6a0c63b.zip | |
mastodon wraps oembed in an iframe - which we immediately purify our of existence and what we really want to purify is the content. So strip away the iframe, fetch the content and purify that instead.
| -rwxr-xr-x | include/oembed.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/oembed.php b/include/oembed.php index 460e0244e..f662d84c7 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -225,6 +225,17 @@ function oembed_fetch_url($embedurl){ if($j['html']) { $orig = $j['html']; $allow_position = (($is_matrix) ? true : false); + + // some sites wrap their entire embed in an iframe + // which we will purify away and which we provide anyway. + // So if we see this, grab the frame src url and use that + // as the embed content - which will still need to be purified. + + if(preg_match('#<iframe(.*?)src=[\'\"](.?*)[\'\"]#',$matches,$j['html'])) { + $x = z_fetch_url($matches[2]); + $j['html'] = $x['body']; + } + $j['html'] = purify_html($j['html'],$allow_position); if($j['html'] != $orig) { logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO); |