misskey-dev/summaly
1
0
Fork 0
mirror of https://github.com/misskey-dev/summaly.git synced 2025-05-29 09:27:16 +09:00
Code Issues Packages Projects Releases Wiki Activity

more safelisted features

Browse Source
This commit is contained in:
Kagami Sascha Rosylight 2023-03-11 14:59:09 +01:00
parent a5a8c4437d
commit 5153305bdd
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/general.ts
View File

@ -72,7 +72,14 @@ async function getOEmbedRich($: cheerio.CheerioAPI, pageUrl: string): Promise<OE
}
const allowedFeatures = (iframe.attr('allow') ?? '').split(/\s+/g);
const safeList = ['', 'fullscreen', 'encrypted-media', 'picture-in-picture'];
const safeList = [
'',
'autoplay',
'clipboard-write',
'fullscreen',
'encrypted-media',
'picture-in-picture'
];
if (allowedFeatures.some(allow => !safeList.includes(allow))) {
// This iframe is probably too powerful to be embedded
return null;

2
test/oembed/oembed-allow-safelisted-features.json
View File

@ -1,6 +1,6 @@
{
"version": "1.0",
"type": "rich",
"html": "<iframe src='https://example.com/' allow='fullscreen encrypted-media picture-in-picture'></iframe>",
"html": "<iframe src='https://example.com/' allow='autoplay clipboard-write fullscreen encrypted-media picture-in-picture'></iframe>",
"height": 300
}