From dab9296da83a8061f2dcf80b70a8e35c028375f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Acid=20Chicken=20=28=E7=A1=AB=E9=85=B8=E9=B6=8F=29?=
Date: Sat, 1 Jun 2024 19:09:55 +0900
Subject: [PATCH] fix: safe allow

---
 src/summary/general/playerOEmbed.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/summary/general/playerOEmbed.ts b/src/summary/general/playerOEmbed.ts
index b27b6e6..a0634c1 100644
--- a/src/summary/general/playerOEmbed.ts
+++ b/src/summary/general/playerOEmbed.ts
@@ -84,8 +84,12 @@ export default function getPlayerOEmbed(context: Context) {
 decode(allowValue)
 ?.replace(/^\s*|\s*$/g, "")
 .split(/\s*;\s*/)
+ .filter((value) => value !== "accelerometer" && value !== "gyroscope")
 .sort()) ||
 []
+ if (allow.some((value) => value !== "autoplay" && value !== "clipboard-write" && value !== "encrypted-media" && value !== "fullscreen" && value !== "picture-in-picture" && value !== "web-share")) {
+ return
+ }
 const srcValue = element.getAttribute("src")
 const src = srcValue ? decode(srcValue) : null
 switch (data.type) {
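Review bot: An empty token fails the new allow-list check, so an `allow` value ending in `;` (for example `autoplay; fullscreen;`, a constructed sample) makes `.split(/\s*;\s*/)` yield `""` and the added `if (allow.some(...)) { return }` drops the whole player. Failing closed on unknown features is the right direction for provider-controlled iframe permissions, but this case rejects harmless markup; extend the added filter to `.filter((value) => value !== "" && value !== "accelerometer" && value !== "gyroscope")`. The six-way `!==` chain would read better as a named module-level `Set` with a comment saying why these features are accepted and why the two sensor features are stripped rather than rejected. The start of the `allow` expression and the rest of `getPlayerOEmbed` are outside the hunk, so how an empty attribute is handled before this point is not visible.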