From 318643cf9a8b40fad98df58f6c262d6ae6a0c63b Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Wed, 6 Sep 2017 19:55:32 -0700
Subject: mastodon wraps oembed in an iframe - which we immediately purify our
 of existence and what we really want to purify is the content. So strip away
 the iframe, fetch the content and purify that instead.

---
 include/oembed.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'include')

diff --git a/include/oembed.php b/include/oembed.php
index 460e0244e..f662d84c7 100755
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -225,6 +225,17 @@ function oembed_fetch_url($embedurl){
 		if($j['html']) {
 			$orig = $j['html'];
 			$allow_position = (($is_matrix) ? true : false);
+
+			// some sites wrap their entire embed in an iframe
+			// which we will purify away and which we provide anyway.
+			// So if we see this, grab the frame src url and use that 
+			// as the embed content - which will still need to be purified.
+
+			if(preg_match('#<iframe(.*?)src=[\'\"](.?*)[\'\"]#',$matches,$j['html'])) {
+				$x = z_fetch_url($matches[2]);
+				$j['html'] = $x['body'];
+			}
+			
 			$j['html'] = purify_html($j['html'],$allow_position);
 			if($j['html'] != $orig) {
 				logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO); 
-- 
cgit v1.2.3