diff options
| author | zotlabs <mike@macgirvin.com> | 2017-09-06 19:55:32 -0700 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2017-09-06 19:55:32 -0700 |
| commit | 318643cf9a8b40fad98df58f6c262d6ae6a0c63b (patch) | |
| tree | 15aad96da710078b437b43c2a88f8072947eeaf0 /include/oembed.php | |
| parent | ab9b82e77878e1c904d02ab931f8f6f8c0651a21 (diff) | |
| download | volse-hubzilla-318643cf9a8b40fad98df58f6c262d6ae6a0c63b.tar.gz volse-hubzilla-318643cf9a8b40fad98df58f6c262d6ae6a0c63b.tar.bz2 volse-hubzilla-318643cf9a8b40fad98df58f6c262d6ae6a0c63b.zip | |
mastodon wraps oembed in an iframe - which we immediately purify our of existence and what we really want to purify is the content. So strip away the iframe, fetch the content and purify that instead.
Diffstat (limited to 'include/oembed.php')
| -rwxr-xr-x | include/oembed.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/oembed.php b/include/oembed.php index 460e0244e..f662d84c7 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -225,6 +225,17 @@ function oembed_fetch_url($embedurl){ if($j['html']) { $orig = $j['html']; $allow_position = (($is_matrix) ? true : false); + + // some sites wrap their entire embed in an iframe + // which we will purify away and which we provide anyway. + // So if we see this, grab the frame src url and use that + // as the embed content - which will still need to be purified. + + if(preg_match('#<iframe(.*?)src=[\'\"](.?*)[\'\"]#',$matches,$j['html'])) { + $x = z_fetch_url($matches[2]); + $j['html'] = $x['body']; + } + $j['html'] = purify_html($j['html'],$allow_position); if($j['html'] != $orig) { logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO); |