misskey-dev/summaly
1
0
Fork 0
mirror of https://github.com/misskey-dev/summaly.git synced 2025-04-29 02:37:27 +09:00
Code Issues Packages Projects Releases Wiki Activity

built

Browse Source
This commit is contained in:
Kagami Sascha Rosylight 2023-03-11 22:38:44 +01:00
parent 38db975931
commit e43065b426
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
built/general.js
View File

@ -71,15 +71,23 @@ async function getOEmbedPlayer($, pageUrl) {
} }
// TODO: This implementation only allows basic syntax of `allow`. // TODO: This implementation only allows basic syntax of `allow`.
// Might need to implement better later. // Might need to implement better later.
const allowedFeatures = (iframe.attr('allow') ?? '').split(/\s*;\s*/g).filter(s => s);
const safeList = [ const safeList = [
'autoplay', 'autoplay',
'clipboard-write', 'clipboard-write',
'fullscreen', 'fullscreen',
'encrypted-media', 'encrypted-media',
'picture-in-picture' 'picture-in-picture',
'web-share',
]; ];
if (allowedFeatures.some(allow => !safeList.includes(allow))) { // YouTube has these but they are almost never used.
const ignoredList = [
'gyroscope',
'accelerometer',
];
const allowedPermissions = (iframe.attr('allow') ?? '').split(/\s*;\s*/g)
.filter(s => s)
.filter(s => !ignoredList.includes(s));
if (allowedPermissions.some(allow => !safeList.includes(allow))) {
// This iframe is probably too powerful to be embedded // This iframe is probably too powerful to be embedded
return null; return null;
} }
@ -87,7 +95,7 @@ async function getOEmbedPlayer($, pageUrl) {
url, url,
width, width,
height, height,
allow: allowedFeatures allow: allowedPermissions
}; };
} }
export default async (url, lang = null) => { export default async (url, lang = null) => {