aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-09-06 19:55:32 -0700
committerzotlabs <mike@macgirvin.com>2017-09-06 19:55:32 -0700
commit318643cf9a8b40fad98df58f6c262d6ae6a0c63b (patch)
tree15aad96da710078b437b43c2a88f8072947eeaf0 /include
parentab9b82e77878e1c904d02ab931f8f6f8c0651a21 (diff)
downloadvolse-hubzilla-318643cf9a8b40fad98df58f6c262d6ae6a0c63b.tar.gz
volse-hubzilla-318643cf9a8b40fad98df58f6c262d6ae6a0c63b.tar.bz2
volse-hubzilla-318643cf9a8b40fad98df58f6c262d6ae6a0c63b.zip
mastodon wraps oembed in an iframe - which we immediately purify our of existence and what we really want to purify is the content. So strip away the iframe, fetch the content and purify that instead.
Diffstat (limited to 'include')
-rwxr-xr-xinclude/oembed.php11
1 files changed, 11 insertions, 0 deletions
diff --git a/include/oembed.php b/include/oembed.php
index 460e0244e..f662d84c7 100755
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -225,6 +225,17 @@ function oembed_fetch_url($embedurl){
if($j['html']) {
$orig = $j['html'];
$allow_position = (($is_matrix) ? true : false);
+
+ // some sites wrap their entire embed in an iframe
+ // which we will purify away and which we provide anyway.
+ // So if we see this, grab the frame src url and use that
+ // as the embed content - which will still need to be purified.
+
+ if(preg_match('#<iframe(.*?)src=[\'\"](.?*)[\'\"]#',$matches,$j['html'])) {
+ $x = z_fetch_url($matches[2]);
+ $j['html'] = $x['body'];
+ }
+
$j['html'] = purify_html($j['html'],$allow_position);
if($j['html'] != $orig) {
logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO);