From 5a3321a04ff06d84a8d6326844973c2a817f07a7 Mon Sep 17 00:00:00 2001
From: Kagami Sascha Rosylight
Date: Thu, 20 Apr 2023 05:41:11 +0200
Subject: [PATCH] fix: allow legacy `allowfullscreen` (#9)

---
 built/general.js | 3 +++
 src/general.ts | 3 +++
 test/index.ts | 9 ++++++++-
 test/oembed/oembed-allow-fullscreen-legacy.json | 7 +++++++
 4 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 test/oembed/oembed-allow-fullscreen-legacy.json

diff --git a/built/general.js b/built/general.js
index 09925a8..193a0e8 100644
--- a/built/general.js
+++ b/built/general.js
@@ -103,6 +103,9 @@ async function getOEmbedPlayer($, pageUrl) {
 const allowedPermissions = (iframe.attr('allow') ?? '').split(/\s*;\s*/g)
 .filter(s => s)
 .filter(s => !ignoredList.includes(s));
+ if (iframe.attr('allowfullscreen') === '') {
+ allowedPermissions.push('fullscreen');
+ }
 if (allowedPermissions.some(allow => !safeList.includes(allow))) {
 // This iframe is probably too powerful to be embedded
 return null;
diff --git a/src/general.ts b/src/general.ts
index 81a4323..81569a1 100644
--- a/src/general.ts
+++ b/src/general.ts
@@ -115,6 +115,9 @@ async function getOEmbedPlayer($: cheerio.CheerioAPI, pageUrl: string): Promise<
 (iframe.attr('allow') ?? '').split(/\s*;\s*/g)
 .filter(s => s)
 .filter(s => !ignoredList.includes(s));
+ if (iframe.attr('allowfullscreen') === '') {
+ allowedPermissions.push('fullscreen');
+ }
 if (allowedPermissions.some(allow => !safeList.includes(allow))) {
 // This iframe is probably too powerful to be embedded
 return null;
diff --git a/test/index.ts b/test/index.ts
index 1b91e83..af86185 100644
--- a/test/index.ts
+++ b/test/index.ts
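Review bot: In src/general.ts the added check `iframe.attr('allowfullscreen') === ''` recognises only the bare or empty-valued attribute, whereas HTML treats a boolean attribute as set whenever it is present, so markup such as `allowfullscreen="true"` would presumably be skipped. That fails closed (nothing extra is granted), but a presence test that also avoids a duplicate entry when `allow` already lists the token reads more clearly: `if (iframe.attr('allowfullscreen') !== undefined && !allowedPermissions.includes('fullscreen'))`. A one-line comment would document why the push must stay above the safelist test, e.g. `// legacy boolean attribute: map to 'fullscreen' so it still goes through the safeList check below`. The same three lines are mirrored in built/general.js, and getOEmbedPlayer starts and ends outside the hunk.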
@@ -294,7 +294,14 @@ describe("oEmbed", () => {
 await setUpFastify('oembed-allow-fullscreen.json');
 const summary = await summaly(host);
 expect(summary.player.url).toBe('https://example.com/');
- expect(summary.player.allow).toStrictEqual(['fullscreen'])
+ expect(summary.player.allow).toStrictEqual(['fullscreen']);
+ });
+
+ test('allows legacy allowfullscreen', async () => {
+ await setUpFastify('oembed-allow-fullscreen-legacy.json');
+ const summary = await summaly(host);
+ expect(summary.player.url).toBe('https://example.com/');
+ expect(summary.player.allow).toStrictEqual(['fullscreen']);
 });
 
 test('allows safelisted permissions', async () => {
diff --git a/test/oembed/oembed-allow-fullscreen-legacy.json b/test/oembed/oembed-allow-fullscreen-legacy.json
new file mode 100644
index 0000000..16789f7
--- /dev/null
+++ b/test/oembed/oembed-allow-fullscreen-legacy.json
@@ -0,0 +1,7 @@
+{
+ "version": "1.0",
+ "type": "rich",
+ "html": "",
+ "width": 500,
+ "height": 300
+}
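Review bot: The new case in test/index.ts pins only the accepting path, so nothing asserts that an iframe carrying legacy `allowfullscreen` together with a permission outside the safelist is still refused. A sibling negative test would stop a later refactor from moving the `allowfullscreen` handling past the safelist check unnoticed. The fixture name and the exact rejection assertion below are placeholders, to be aligned with the existing refusal tests in this file. The `describe("oEmbed")` block starts and ends outside the hunk, and the new fixture's `html` value appears empty on this page, so its iframe markup could not be checked here.

```typescript
test('refuses legacy allowfullscreen combined with a non-safelisted permission', async () => {
    // PLACEHOLDER fixture: iframe with allowfullscreen plus one permission that is not in safeList
    await setUpFastify('PLACEHOLDER-allow-fullscreen-legacy-unsafe.json');
    const summary = await summaly(host);
    // assumed shape of a refused player; mirror the existing refusal tests
    expect(summary.player.url).toBe(null);
});
```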