Committer: gariev
LJSV-1498: Disable adding iframe from docs.google.com and google.com/calendarU trunk/cgi-bin/LJ/EmbedModule.pm U trunk/cgi-bin/cleanhtml.pl
Modified: trunk/cgi-bin/LJ/EmbedModule.pm =================================================================== --- trunk/cgi-bin/LJ/EmbedModule.pm 2011-04-06 04:01:55 UTC (rev 18800) +++ trunk/cgi-bin/LJ/EmbedModule.pm 2011-04-06 04:15:19 UTC (rev 18801) @@ -130,7 +130,7 @@ my $out= '<lj-embed id="'. $attrs{id} .'" '; - if($code =~ m!src="http://www\.youtube\.com/embed/([\w\d\_\-]+)"!) { + if ($code =~ m!src=["']?http://www\.youtube\.com/embed/([\w\d\_\-]+)['"]?!) { $out .= 'vid="'.$1.'" '; } @@ -444,6 +444,7 @@ extractimages => 0, noexpandembedded => 1, transform_embed_nocheck => 1, + journalid => $opts{journalid}, }); } Modified: trunk/cgi-bin/cleanhtml.pl =================================================================== --- trunk/cgi-bin/cleanhtml.pl 2011-04-06 04:01:55 UTC (rev 18800) +++ trunk/cgi-bin/cleanhtml.pl 2011-04-06 04:15:19 UTC (rev 18801) @@ -524,19 +524,23 @@ ## YouTube (http://apiblog.youtube.com/2010/07/new-way-to-embed-youtube-videos.html), ## Vimeo, VKontakte, Google Calendar, Google Docs, VK.com, etc. ## see @LJ::EMBED_IFRAME_WHITELIST in lj-disabled-conf - my $src = $attr->{'src'}; my $src_allowed = 0; - if ($src) { - foreach my $re ( @LJ::EMBED_IFRAME_WHITELIST ) { - if ( $src =~ $re ) { + if (my $src = $attr->{'src'}) { + foreach my $wl ( @LJ::EMBED_IFRAME_WHITELIST ) { + if ($src =~ $wl->{re}) { + if ($wl->{personal_posts_only}) { + last unless $opts->{journalid}; + my $u = LJ::load_userid($opts->{journalid}); + last unless $u && $u->is_personal; + } $src_allowed = 1; last; } } } - unless ( $src && $src_allowed ) { + unless ($src_allowed) { ## eat this tag if (!$attr->{'/'}) { ## if not autoclosed tag (<iframe />),