misskey-dev/summaly
1
0
Fork 0
mirror of https://github.com/misskey-dev/summaly.git synced 2025-05-16 19:17:20 +09:00
Code Issues Packages Projects Releases Wiki Activity

built

Browse Source
This commit is contained in:
Kagami Sascha Rosylight 2023-03-11 15:09:32 +01:00
parent 51148cea27
commit 883baf437a
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
built/general.js
View File

@ -58,8 +58,16 @@ async function getOEmbedRich($, pageUrl) {
// No proper size info
return null;
}
const allowedFeatures = (iframe.attr('allow') ?? '').split(/\s+/g);
const safeList = ['', 'fullscreen', 'encrypted-media', 'picture-in-picture'];
// TODO: This implementation only allows basic syntax of `allow`.
// Might need to implement better later.
const allowedFeatures = (iframe.attr('allow') ?? '').split(/\s*;\s*/g).filter(s => s);
const safeList = [
'autoplay',
'clipboard-write',
'fullscreen',
'encrypted-media',
'picture-in-picture'
];
if (allowedFeatures.some(allow => !safeList.includes(allow))) {
// This iframe is probably too powerful to be embedded
return null;